You were never here, you didn't see anything..

Zabbix Agent & OPNSense


Currently I am running Zabbix to monitor my network, and OPNSense to secure it. There is a Zabbix agent available for OPNSense which gives access to a number of stats. One thing missing however is configuration of the encryption variables in the OPNSense GUI.

One cannot simply enable the feature using the config file as it is auto-ggenerated and on every restart it gets re-written. To enable the encryption you have to create a new config file, I named mine TLS.conf, with a path of “/usr/local/etc/zabbix_agentd.conf.d”. Final content of mine which makes use of PSK based encryption:

TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=PSK 001
TLSPSKFile=/usr/local/etc/zabbix_agentd.psk

In the above “PSK 001” the 001 can be any number that is configured on the Zabbix server, as long as they match. Then create the psk keyfile located at “/usr/local/etc/zabbix_agentd.psk”. I generate a random key using openssl via the following command:

openssl rand -hex 32 > zabbix_agentd.psk

A side note on the key file, seems it only works with key sizes of 32bytes or less. Using the command above you can then read the contents of the file and copy it in to the Zabbix host configuration.

Have any Question or Comment?

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This blog is kept spam free by WP-SpamFree.

Most who fail…

Most who fail have yet to really try!