pfSense

Munin-node on pfSense 2.1.x and 2.2.x

Alejandro Olivan Alvarez

3 min read
Munin-node on pfSense 2.1.x and 2.2.x

I like monitoring... and, after early mrtg experiences, munin was my first, production, centralized monitoring system I dealt with.
Although focused in graphing, It is very useful if you want a quick plain website where you can simply put and browse all your systems graphs.

Since I use pfSense both virtual and physical extensively, it was very frustrating not having a nice pfSense package, but, fortunately, being pfSense freeBSD based, we can use the OS packaged munin-node.

Since I have still not migrated to pfSense 2.3.x, this post will cover both 2.1.x and 2.2.x.
Also, I have always had problems when upgrading 2.1.x nanobsd routers as munin-node was screwed upon upgrade.

Here we go...

Instaling packages in pfSense 2.1.x

get to console either via VGA, serial or SSH.

Remember that if your install is nanobsd you need to turn the filesystem read-write with this command:

/etc/rc.conf_mount_rw

 
And, very important, after messing with your nanobsd install, tur it read-only again!

/etc/rc.conf_mount_ro

 
Now we need to manually setup package sources and download and install needed stuff...
First we will install 'nano' cli text editor:

setenv PACKAGESITE "http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/i386/packages-8.3-release/editors/"
pkg_add -r nano-2.2.6.tbz

 
And once we can easily edit textfiles on the console we proceed with munin-node:

setenv PACKAGESITE "http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/i386/packages-8.3-release/Latest/"
pkg_add -r munin-node

 
Now, munin-node is installed, but the package has not been automatically configured as usually in Linux... so execute the following to autodetect system values and services that can be monitored:

/usr/local/sbin/munin-node-configure --suggest --shell | sh

 
Now we have to tune a little bit the iostat plugin and the munin-node path for pfSense... so execute these:

sed -i -e 's/MB/KB/' /usr/local/etc/munin/plugins/iostat
mv /usr/local/etc/rc.d/munin-node /usr/local/etc/rc.d/munin-node.sh

 
Finally, we need to edit the file /usr/local/etc/rc.d/munin-node.sh again for pfSense environment. so use nano editor (or vi if you like) like this:

nano /usr/local/etc/rc.d/munin-node.sh

 
And paste the following among the present similar lines (order does not strictly matters):

#added pfsense config lines
[ -d /var/run/munin ] || mkdir /var/run/munin
[ -d /etc/rc.conf ] || echo 'munin_node_enable="YES"' >> /etc/rc.conf
#end adding

 
Now munin-node package is installed and modified to run in your router. Wi will configure it and start it later on!

Instaling packages in pfSense 2.2.x

In pfSense 2.2.x we do have the luxury of a package manager up and running from the very beginning, so no tricks are needed, just do the following, to automatically setup pkg, update it, and install packages:

pkg
pkg update
pkg install nano
rehash
pkg install munin-node
rehash

 
if you're running a nanobsd install you may note the first command (pkg) being reaaaaally slow on a CF. just be patient, it may take very very long time, let it work and do another think... (this happens only the FIRST time you run it, althoug install is always sluggish in CF anyways...)

Configuration and start up

As usual, we will have to add the usual 'allow IP' rules configuration in nano /usr/local/etc/munin/munin-node.conf config file.
This is the bare minimum required setup, in order to stablish which munin servers do our pfSense munin-node trust, and let them fetch data to draw their graphs.
But we will also add some tunning in the config, since pfSense, and specially nanobsd installs have special requirements, so:

nano /usr/local/etc/munin/munin-node.conf

 
look, find and replace or comment out the following lines, replacing them with new ones... here is an excerpt of how it should finally look like:

# Replacing this lines to adapt to pfsense
# log_level 4
# log_file /var/log/munin/munin-node.log
# pid_file /var/run/munin/munin-node.pid

log_level 0
log_file /tmp/munin-node.log
pid_file /tmp/nmunin-node.pid

 
Note down you munin-server IPs and add them, one line per IP, to the allowed IP list you'll easily find, like this (replace XXX.XXX.XXX.XXX by real IP):

allow ^XXX\.XXX\.XXX\.XXX$

 
And you're done!... ready to start the service.

If you're still in pfSense 2.1.x you'll start munin-node like this:

/usr/local/etc/rc.d/munin-node.sh start

 
If you're with 2.2.x you will start instead that way:

/usr/local/etc/rc.d/munin-node start

 
Enjoy!