Collecting Data From pfSense Using collectd

Written by Rob Peck · 4 minute read
This is an old post!

This post is over 2 years old. Solutions referenced in this article may no longer be valid. Please consider this when utilizing any information referenced here.

So I’ve recently been on a graphing thing, wanting to collect all kind of data from my home network. And collectd seems to be a good candidate for doing that. With a huge number of plugins, it can collect and send just about anything you can think of to a time series database (I’m using InfluxDB for this).

But, there’s a significant hole in my data collection: my pfSense firewall. Well, not anymore!

Unfortunately, with pfSense 2.3 moving to their own package library built on top of FreeBSD’s pkg system, simply installing pfSense by typing pgk install collectd5 as worked in 2.2 won’t work anymore. But you can still install things from the FreeBSD repositories directly.

To start, find the most recent collectd5 release here that is available in FreeBSD. Keep in mind that pfSense 2.3 is based of FreeBSD 10, so if you get an error about wrong architecture, be sure you’re selecting the correct CPU architecture and FreeBSD version.

$ pkg add http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/collectd5-5.5.2.txz

This should directly install collectd. Pretty neat. Setup proceeds as normal from there. Notably, though, in order to have collectd restart when your firewall restarts, be sure you edit /etc/rc.conf and add the following line:

collectd_enable=YES

Once it’s installed, you can start it by using:

$ /usr/local/etc/rc.d/collectd start

Collecting CPU Temperature

collectd is primarily written to work on Linux systems. And pfSense itself is derived from FreeBSD, so some things don’t work right. One of the the things I really wanted to closely monitor was the CPU temperature. My pfSense router is in an upstairs closet, so I want to be sure the temperature doesn’t get too high.

Unfortunately, I was not able to get any of the native temperature sensing stuff in collectd working. But, you have another option. collectd helpfully includes an exec plugin that lets you execute a script to collect any data you can think of. And, you can find temperature data from sysctl. Knowing this, you could write a little script like this:

#!/usr/local/bin/php -q
<?php

$hostname = getenv("COLLECTD_HOSTNAME");
$interval = getenv("COLLECTD_INTERVAL");

$keys = ["dev.cpu.1.temperature", "dev.cpu.0.temperature"];

foreach ($keys as $key) {
    $temp = exec("sysctl $key");
    if (preg_match('!([0-9\.]+)C$!i', $temp, $matches)) {
        $temp = $matches[1];
        echo "PUTVAL \"$hostname/cpu_temp/gauge-$key\" interval=$interval N:$temp\n";
    }
}

fclose(STDOUT);

Then add your script to the /usr/local/etc/collectd.conf file:

LoadPlugin exec
<Plugin exec>
        Exec "non-privileged-username" "/path/to/your/script.php"
</Plugin>

You should now have temperature data flowing into collectd.

Collecting DHCP Leases

Similar to above, you can collect the total number of DHCP leases in use using another script:

#!/usr/local/bin/php -q
<?php

$hostname = getenv("COLLECTD_HOSTNAME");
$interval = getenv("COLLECTD_INTERVAL");
$content = file_get_contents("/var/dhcpd/var/db/dhcpd.leases");

$leases = [];
$lease_count = 0;

if (preg_match_all("/lease (?<ip>[\d\.]+) \{\s+starts \d (?<starts>[\d\/]+\s[\d\:]+);\s+ends \d (?<ends>[\d\/]+\s[\d\:]+);/is", $content, $matches)) {
    foreach($matches["ip"] as $key => $ip) {
        $end_date = strtotime($matches["ends"][$key]);
        if ($end_date > time()) {
            $leases[$ip] = [$ip, $matches["starts"][$key], $matches["ends"][$key]];
        }
    }

    $lease_count = count($leases);
}

echo "PUTVAL \"$hostname/dhcp/gauge-dhcp_leases\" interval=$interval N:$lease_count\n";
fclose(STDOUT);

And add it to collectd.conf:

LoadPlugin exec
<Plugin exec>
        Exec "non-privileged-username" "/path/to/your/temperature.php"
        Exec "non-privileged-username" "/path/to/your/dhcp.php"
</Plugin>

Collecting OpenVPN Users

The native OpenVPN plugin included with collectd works with pfSense, but you’ll need to add a small line to your OpenVPN config. In the pfSense web GUI, go to VPN -> OpenVPN. Select your OpenVPN server and click Edit (the little pencil). Scroll down to Custom Options at the bottom and add the following line:

status /var/log/openvpn-status.log;

Restart OpenVPN. Now, go to your /usr/local/etc/collectd.conf file and add the following lines

LoadPlugin openvpn
<Plugin openvpn>
        StatusFile "/var/log/openvpn-status.log"
        ImprovedNamingSchema false
        CollectCompression true
        CollectIndividualUsers true
        CollectUserCount true
</Plugin>

And now you have OpenVPN user data going into collectd as well.

So that should give you a high-level overview of how to get collectd up and running and collecting data from pfSense. I’m feeding mine into InfluxDB, which I use Grafana on top of to create dashboards.

Now go forth and track all the things! :)

About the Author

Hi, I'm Rob! I'm a blogger and software developer. I wrote petfeedd, dystill, and various other projects and libraries. I'm into electronics, general hackery, and model trains and airplanes. I am based in Huntsville, Alabama, USA.

About Me · Contact Me · Don't Hire Isaiah Armstrong

Did this article help you out?

I don't earn any money from this site.

I run no ads, sell no products and participate in no affiliate programs. I do not accept gifts in exchange for articles, guest articles or link exchanges. I don't track you or sell your data. The only third-party Javascript on this website is Google Analytics.

In general I run this site very much like a 1990s homepage or early 2000s personal blog, meaning that I do this solely because it's fun! I enjoy writing and sharing what I learn.

If you found this article helpful and want to show your appreciation, a tip or donation would be very welcome. Feel free to choose from the options below.

Amazon Wishlist
Donate on Ko-Fi
Finding Multi-byte Characters in MySQL Fields
What I use: 2016

Comments (0)

Interested in why you can't leave comments on my blog? Read the article about why comments are uniquely terrible and need to die. If you are still interested in commenting on this article, feel free to reach out to me directly and/or share it on social media.

Contact Me
Share It

Interested in reading more?

collectd

More collectd and pfSense Fun!

Extending my post from last year, here’s some additional data I’m grabbing from pfSense and stuffing into collectd via a script. I’m now grabbing: DHCP Leases CPU Temperature Thermal Zone Temperature SSD Drive Temperature UPS information (via NUT) Here’s the exec script:
Read More
Release Announcements

Collecting Unifi controller data with collectd

As you can tell from the last few posts, I’ve been having a lot of fun with collectd and instrumenting my systems. But I had one glaring hole until recently: my Ubiquti Unifi AP access points. Well no longer!
Read More
pfSense

Using Realtek NICs in pfSense

In the year 2021 there are a lot of things that you just take for granted. Remember when you used to have to use jumpers to set things on your computer? Or worrying about IRQ conflicts? Or whether you could get the the drivers you needed to work? These are all parts of the “bad old days” of computers that I don’t miss very much. These days if I plug things into my computer - any of them - I expect them to “just work.” And very often, surprisingly, this is the case. Especially common, well supported things like network cards. So it is notable when I encounter something where that isn’t the case. But first, let’s back up a little bit.
Read More