Complete Metrics Reference¶
This page provides a complete reference of all Prometheus metrics exposed by the OPNsense Exporter.
The opnsense_instance label is applied to all metrics.
Summary¶
- Total metrics: 275
- Gauges: 143
- Counters: 132
General¶
| Metric Name | Type | Labels | Description |
|---|---|---|---|
| opnsense_up | Gauge | --- | Was the last scrape of OPNsense successful. (1 = yes, 0 = no) |
| opnsense_firewall_status | Gauge | --- | Status of the firewall reported by the system health check (1 = ok, 0 = errors) |
| opnsense_system_status_code | Gauge | --- | Numeric system status code from health check (2 = OK for OPNsense >= 25.1) |
| opnsense_exporter_scrapes_total | Counter | --- | Total number of times OPNsense was scraped for metrics. |
| opnsense_exporter_endpoint_errors_total | Counter | endpoint | Total number of errors by endpoint returned by the OPNsense API during data fetching |
ARP Table¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_arp_table_entries | Gauge | ip, mac, hostname, interface_description, type, expired, permanent | Arp entries by ip, mac, hostname, interface description, type, expired and permanent | --exporter.disable-arp-table |
Activity¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_activity_threads_total | Counter | --- | Total number of threads on the system | --exporter.disable-activity |
| opnsense_activity_threads_running | Gauge | --- | Number of running threads on the system | --exporter.disable-activity |
| opnsense_activity_threads_sleeping | Gauge | --- | Number of sleeping threads on the system | --exporter.disable-activity |
| opnsense_activity_threads_waiting | Gauge | --- | Number of waiting threads on the system | --exporter.disable-activity |
| opnsense_activity_cpu_user_percent | Gauge | --- | CPU user usage percentage | --exporter.disable-activity |
| opnsense_activity_cpu_nice_percent | Gauge | --- | CPU nice usage percentage | --exporter.disable-activity |
| opnsense_activity_cpu_system_percent | Gauge | --- | CPU system usage percentage | --exporter.disable-activity |
| opnsense_activity_cpu_interrupt_percent | Gauge | --- | CPU interrupt usage percentage | --exporter.disable-activity |
| opnsense_activity_cpu_idle_percent | Gauge | --- | CPU idle percentage | --exporter.disable-activity |
CARP¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_carp_demotion | Gauge | --- | CARP demotion level | --exporter.disable-carp |
| opnsense_carp_allow | Gauge | --- | Whether CARP is allowed (1 = allowed, 0 = not allowed) | --exporter.disable-carp |
| opnsense_carp_maintenance_mode | Gauge | --- | Whether CARP maintenance mode is enabled (1 = enabled, 0 = disabled) | --exporter.disable-carp |
| opnsense_carp_vips_total | Counter | --- | Total number of CARP Virtual IPs | --exporter.disable-carp |
| opnsense_carp_vip_status | Gauge | interface, vhid, vip | CARP VIP status (1 = MASTER, 0 = BACKUP, 2 = INIT, -1 = unknown) | --exporter.disable-carp |
| opnsense_carp_vip_advbase_seconds | Gauge | interface, vhid, vip | CARP VIP advertisement base interval in seconds | --exporter.disable-carp |
| opnsense_carp_vip_advskew | Gauge | interface, vhid, vip | CARP VIP advertisement skew | --exporter.disable-carp |
Certificates¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_certificate_valid_from_seconds | Gauge | description, commonname, cert_type, in_use | Certificate valid from timestamp in seconds since epoch | --exporter.disable-certificates |
| opnsense_certificate_valid_to_seconds | Gauge | description, commonname, cert_type, in_use | Certificate valid to (expiry) timestamp in seconds since epoch | --exporter.disable-certificates |
| opnsense_certificate_info | Gauge | description, commonname, cert_type, in_use | Certificate information (value is always 1) | --exporter.disable-certificates |
| opnsense_certificate_total | Gauge | --- | Total number of certificates | --exporter.disable-certificates |
Cron¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_cron_job_status | Gauge | schedule, description, command, origin | Cron job status by name and description (1 = enabled, 0 = disabled) | --exporter.disable-cron-table |
Dnsmasq DHCP¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_dnsmasq_leases_total | Counter | --- | Total number of DHCP leases | --exporter.disable-dnsmasq |
| opnsense_dnsmasq_leases_by_interface | Gauge | interface | Number of DHCP leases per interface | --exporter.disable-dnsmasq |
| opnsense_dnsmasq_leases_reserved_total | Counter | --- | Total number of reserved (static) DHCP leases | --exporter.disable-dnsmasq |
| opnsense_dnsmasq_leases_dynamic_total | Counter | --- | Total number of dynamic DHCP leases | --exporter.disable-dnsmasq |
| opnsense_dnsmasq_lease_info | Gauge | address, hostname, hwaddr, interface | Per-lease information (value is expire timestamp). Only emitted when --exporter.enable-dnsmasq-details is set. | --exporter.disable-dnsmasq |
| opnsense_dnsmasq_service_running | Gauge | --- | Whether the service is running (1 = running, 0 = stopped/disabled) | --exporter.disable-dnsmasq |
Firewall¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_firewall_in_ipv4_pass_packets | Gauge | interface | The number of IPv4 incoming packets that were allowed to pass through the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_out_ipv4_pass_packets | Gauge | interface | The number of IPv4 outgoing packets that were allowed to pass through the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_in_ipv4_block_packets | Gauge | interface | The number of IPv4 incoming packets that were blocked by the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_out_ipv4_block_packets | Gauge | interface | The number of IPv4 outgoing packets that were blocked by the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_in_ipv6_pass_packets | Gauge | interface | The number of IPv6 incoming packets that were allowed to pass through the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_out_ipv6_pass_packets | Gauge | interface | The number of IPv6 outgoing packets that were allowed to pass through the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_in_ipv6_block_packets | Gauge | interface | The number of IPv6 incoming packets that were blocked by the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_out_ipv6_block_packets | Gauge | interface | The number of IPv6 outgoing packets that were blocked by the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_in_ipv4_pass_bytes_total | Counter | interface | The number of IPv4 incoming bytes that were allowed to pass through the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_out_ipv4_pass_bytes_total | Counter | interface | The number of IPv4 outgoing bytes that were allowed to pass through the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_in_ipv4_block_bytes_total | Counter | interface | The number of IPv4 incoming bytes that were blocked by the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_out_ipv4_block_bytes_total | Counter | interface | The number of IPv4 outgoing bytes that were blocked by the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_in_ipv6_pass_bytes_total | Counter | interface | The number of IPv6 incoming bytes that were allowed to pass through the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_out_ipv6_pass_bytes_total | Counter | interface | The number of IPv6 outgoing bytes that were allowed to pass through the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_in_ipv6_block_bytes_total | Counter | interface | The number of IPv6 incoming bytes that were blocked by the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_out_ipv6_block_bytes_total | Counter | interface | The number of IPv6 outgoing bytes that were blocked by the firewall by interface | --exporter.disable-firewall |
| opnsense_firewall_pf_states_current | Gauge | --- | Current number of active PF states | --exporter.disable-firewall |
| opnsense_firewall_pf_states_limit | Gauge | --- | Maximum number of PF states allowed | --exporter.disable-firewall |
| opnsense_firewall_interface_hits_total | Counter | interface | Total number of firewall rule matches per interface | --exporter.disable-firewall |
Firewall Rules¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_firewall_rule_rules_total | Counter | --- | Total number of firewall rules with statistics | --exporter.disable-firewall-rules |
| opnsense_firewall_rule_evaluations_total | Counter | uuid, description, action, interface, direction | Total number of rule evaluations per firewall rule | --exporter.disable-firewall-rules |
| opnsense_firewall_rule_packets_total | Counter | uuid, description, action, interface, direction | Total number of packets matched per firewall rule | --exporter.disable-firewall-rules |
| opnsense_firewall_rule_bytes_total | Counter | uuid, description, action, interface, direction | Total number of bytes matched per firewall rule | --exporter.disable-firewall-rules |
| opnsense_firewall_rule_states | Gauge | uuid, description, action, interface, direction | Current number of active states per firewall rule | --exporter.disable-firewall-rules |
| opnsense_firewall_rule_pf_rules | Gauge | uuid, description, action, interface, direction | Number of PF rules generated per firewall rule | --exporter.disable-firewall-rules |
Firmware¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_firmware_info | Gauge | os_version, product_version, product_id, product_abi | OPNsense firmware information | --exporter.disable-firmware |
| opnsense_firmware_needs_reboot | Gauge | --- | Whether OPNsense needs a reboot (1 = yes, 0 = no) | --exporter.disable-firmware |
| opnsense_firmware_upgrade_needs_reboot | Gauge | --- | Whether the upgrade requires a reboot (1 = yes, 0 = no) | --exporter.disable-firmware |
| opnsense_firmware_last_check_timestamp_seconds | Gauge | --- | Unix timestamp of the last firmware update check | --exporter.disable-firmware |
| opnsense_firmware_new_packages_count | Gauge | --- | Number of new packages available | --exporter.disable-firmware |
| opnsense_firmware_upgrade_packages_count | Gauge | --- | Number of packages with available upgrades | --exporter.disable-firmware |
Gateways¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_gateways_info | Gauge | name, description, device, protocol, enabled, weight, interface, upstream | Information of the gateway | --- |
| opnsense_gateways_monitor_info | Gauge | name, enabled, no_route, address | Gateway monitoring configuration | --- |
| opnsense_gateways_rtt_milliseconds | Gauge | name, address | RTT is the average (mean) of the round trip time in milliseconds by name and address | --- |
| opnsense_gateways_rttd_milliseconds | Gauge | name, address | RTTd is the standard deviation of the round trip time in milliseconds by name and address | --- |
| opnsense_gateways_rtt_low_milliseconds | Gauge | name, address | Gateway low latency threshold | --- |
| opnsense_gateways_rtt_high_milliseconds | Gauge | name, address | Gateway high latency threshold | --- |
| opnsense_gateways_loss_percentage | Gauge | name, address | The current gateway loss percentage by name and address | --- |
| opnsense_gateways_loss_low_percentage | Gauge | name, address | Gateway low packet loss threshold | --- |
| opnsense_gateways_loss_high_percentage | Gauge | name, address | Gateway high packet loss threshold | --- |
| opnsense_gateways_probe_interval_seconds | Gauge | name, address | Gateway probe interval | --- |
| opnsense_gateways_probe_period_seconds | Gauge | name, address | Gateway probe period | --- |
| opnsense_gateways_probe_timeout_seconds | Gauge | name, address | Gateway probe timeout | --- |
| opnsense_gateways_status | Gauge | name, address, default_gateway | Status of the gateway by name and address (0 = Offline, 1 = Online, 2 = Unknown, 3 = Pending) | --- |
IPsec¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_ipsec_phase1_status | Gauge | description, name | IPsec phase1 (1 = connected, 0 = down) | --exporter.disable-ipsec |
| opnsense_ipsec_phase1_install_time | Gauge | description, name | IPsec phase1 install time | --exporter.disable-ipsec |
| opnsense_ipsec_phase1_bytes_in | Gauge | description, name | IPsec phase1 bytes in | --exporter.disable-ipsec |
| opnsense_ipsec_phase1_bytes_out | Gauge | description, name | IPsec phase1 bytes out | --exporter.disable-ipsec |
| opnsense_ipsec_phase1_packets_in | Gauge | description, name | IPsec phase1 packets in | --exporter.disable-ipsec |
| opnsense_ipsec_phase1_packets_out | Gauge | description, name | IPsec phase1 packets out | --exporter.disable-ipsec |
| opnsense_ipsec_phase2_install_time | Gauge | description, name, spi_in, spi_out, phase1_name | IPsec phase2 install time | --exporter.disable-ipsec |
| opnsense_ipsec_phase2_bytes_in | Gauge | description, name, spi_in, spi_out, phase1_name | IPsec phase2 bytes in | --exporter.disable-ipsec |
| opnsense_ipsec_phase2_bytes_out | Gauge | description, name, spi_in, spi_out, phase1_name | IPsec phase2 bytes out | --exporter.disable-ipsec |
| opnsense_ipsec_phase2_packets_in | Gauge | description, name, spi_in, spi_out, phase1_name | IPsec phase2 packets in | --exporter.disable-ipsec |
| opnsense_ipsec_phase2_packets_out | Gauge | description, name, spi_in, spi_out, phase1_name | IPsec phase2 packets out | --exporter.disable-ipsec |
| opnsense_ipsec_phase2_rekey_time | Gauge | description, name, spi_in, spi_out, phase1_name | IPsec phase2 rekey time | --exporter.disable-ipsec |
| opnsense_ipsec_phase2_life_time | Gauge | description, name, spi_in, spi_out, phase1_name | IPsec phase2 life time | --exporter.disable-ipsec |
| opnsense_ipsec_service_running | Gauge | --- | Whether the service is running (1 = running, 0 = stopped/disabled) | --exporter.disable-ipsec |
Interfaces¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_interfaces_mtu_bytes | Gauge | interface, device, type | The MTU value of the interface | --- |
| opnsense_interfaces_received_bytes_total | Counter | interface, device, type | Bytes received on this interface by interface name and device | --- |
| opnsense_interfaces_transmitted_bytes_total | Counter | interface, device, type | Bytes transmitted on this interface by interface name and device | --- |
| opnsense_interfaces_received_multicasts_total | Counter | interface, device, type | Multicasts received on this interface by interface name and device | --- |
| opnsense_interfaces_transmitted_multicasts_total | Counter | interface, device, type | Multicasts transmitted on this interface by interface name and device | --- |
| opnsense_interfaces_input_errors_total | Counter | interface, device, type | Input errors on this interface by interface name and device | --- |
| opnsense_interfaces_output_errors_total | Counter | interface, device, type | Output errors on this interface by interface name and device | --- |
| opnsense_interfaces_collisions_total | Counter | interface, device, type | Collisions on this interface by interface name and device | --- |
| opnsense_interfaces_received_packets_total | Counter | interface, device, type | Total packets received on this interface by interface name and device | --- |
| opnsense_interfaces_transmitted_packets_total | Counter | interface, device, type | Total packets transmitted on this interface by interface name and device | --- |
| opnsense_interfaces_send_queue_length | Gauge | interface, device, type | Current send queue length on this interface by interface name and device | --- |
| opnsense_interfaces_send_queue_max_length | Gauge | interface, device, type | Maximum send queue length on this interface by interface name and device | --- |
| opnsense_interfaces_send_queue_drops_total | Counter | interface, device, type | Send queue drops on this interface by interface name and device | --- |
| opnsense_interfaces_input_queue_drops_total | Counter | interface, device, type | Input queue drops on this interface by interface name and device | --- |
| opnsense_interfaces_link_state | Gauge | interface, device, type | Link state of this interface (1=up, 0=down) by interface name and device | --- |
| opnsense_interfaces_line_rate_bits | Gauge | interface, device, type | Line rate in bits per second on this interface by interface name and device | --- |
Kea DHCP¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_kea_dhcp4_leases_total | Counter | --- | Total number of Kea DHCPv4 leases | --exporter.disable-kea |
| opnsense_kea_dhcp4_leases_by_interface | Gauge | interface | Number of Kea DHCPv4 leases per interface | --exporter.disable-kea |
| opnsense_kea_dhcp4_leases_reserved_total | Counter | --- | Total number of reserved (static) Kea DHCPv4 leases | --exporter.disable-kea |
| opnsense_kea_dhcp4_leases_dynamic_total | Counter | --- | Total number of dynamic Kea DHCPv4 leases | --exporter.disable-kea |
| opnsense_kea_dhcp4_lease_info | Gauge | address, hostname, hwaddr, interface | Per-lease DHCPv4 information (value is expire timestamp). Only emitted when --exporter.enable-kea-details is set. | --exporter.disable-kea |
| opnsense_kea_dhcp6_leases_total | Counter | --- | Total number of Kea DHCPv6 leases | --exporter.disable-kea |
| opnsense_kea_dhcp6_leases_by_interface | Gauge | interface | Number of Kea DHCPv6 leases per interface | --exporter.disable-kea |
| opnsense_kea_dhcp6_leases_reserved_total | Counter | --- | Total number of reserved (static) Kea DHCPv6 leases | --exporter.disable-kea |
| opnsense_kea_dhcp6_leases_dynamic_total | Counter | --- | Total number of dynamic Kea DHCPv6 leases | --exporter.disable-kea |
| opnsense_kea_dhcp6_lease_info | Gauge | address, hostname, hwaddr, interface | Per-lease DHCPv6 information (value is expire timestamp). Only emitted when --exporter.enable-kea-details is set. | --exporter.disable-kea |
Mbuf¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_mbuf_current | Gauge | --- | Current number of mbufs in use | --exporter.disable-mbuf |
| opnsense_mbuf_cache | Gauge | --- | Number of mbufs in cache | --exporter.disable-mbuf |
| opnsense_mbuf_total | Gauge | --- | Total number of mbufs available | --exporter.disable-mbuf |
| opnsense_mbuf_cluster_current | Gauge | --- | Current number of mbuf clusters in use | --exporter.disable-mbuf |
| opnsense_mbuf_cluster_cache | Gauge | --- | Number of mbuf clusters in cache | --exporter.disable-mbuf |
| opnsense_mbuf_cluster_total | Counter | --- | Total number of mbuf clusters available | --exporter.disable-mbuf |
| opnsense_mbuf_cluster_max | Gauge | --- | Maximum number of mbuf clusters | --exporter.disable-mbuf |
| opnsense_mbuf_failures_total | Counter | type | Total number of mbuf allocation failures by type | --exporter.disable-mbuf |
| opnsense_mbuf_sleeps_total | Counter | type | Total number of mbuf allocation sleeps by type | --exporter.disable-mbuf |
| opnsense_mbuf_bytes_in_use | Gauge | --- | Number of bytes of memory currently in use by mbufs | --exporter.disable-mbuf |
| opnsense_mbuf_bytes_total | Counter | --- | Total number of bytes of memory available for mbufs | --exporter.disable-mbuf |
| opnsense_mbuf_sendfile_syscalls_total | Counter | --- | Total number of sendfile syscalls | --exporter.disable-mbuf |
| opnsense_mbuf_sendfile_io_total | Counter | --- | Total number of sendfile I/O operations | --exporter.disable-mbuf |
| opnsense_mbuf_sendfile_pages_sent_total | Counter | --- | Total number of pages sent via sendfile | --exporter.disable-mbuf |
NDP¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_ndp_entries | Gauge | ip, mac, interface_description, type | NDP entries by ip, mac, interface description, and type | --exporter.disable-ndp |
NTP¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_ntp_peer_info | Gauge | server, refid, type, status | NTP peer information (value is always 1) | --exporter.disable-ntp |
| opnsense_ntp_peer_stratum | Gauge | server | Stratum level of the NTP peer | --exporter.disable-ntp |
| opnsense_ntp_peer_when_seconds | Gauge | server | Seconds since last response from the NTP peer | --exporter.disable-ntp |
| opnsense_ntp_peer_poll_seconds | Gauge | server | Poll interval in seconds for the NTP peer | --exporter.disable-ntp |
| opnsense_ntp_peer_reach | Gauge | server | Reachability register of the NTP peer (octal decoded to decimal) | --exporter.disable-ntp |
| opnsense_ntp_peer_delay_milliseconds | Gauge | server | Round-trip delay to the NTP peer in milliseconds | --exporter.disable-ntp |
| opnsense_ntp_peer_offset_milliseconds | Gauge | server | Clock offset relative to the NTP peer in milliseconds | --exporter.disable-ntp |
| opnsense_ntp_peer_jitter_milliseconds | Gauge | server | Dispersion jitter of the NTP peer in milliseconds | --exporter.disable-ntp |
| opnsense_ntp_peers_total | Counter | --- | Total number of NTP peers | --exporter.disable-ntp |
NetFlow¶
| Metric Name | Type | Labels | Description | Enable Flag |
|---|---|---|---|---|
| opnsense_netflow_enabled | Gauge | --- | Whether netflow capture is enabled (1 = enabled, 0 = disabled) | --exporter.enable-netflow |
| opnsense_netflow_local_collection_enabled | Gauge | --- | Whether local netflow collection is enabled (1 = enabled, 0 = disabled) | --exporter.enable-netflow |
| opnsense_netflow_active | Gauge | --- | Whether the netflow service is active (1 = active, 0 = inactive) | --exporter.enable-netflow |
| opnsense_netflow_collectors_count | Gauge | --- | Number of active netflow collectors | --exporter.enable-netflow |
| opnsense_netflow_cache_packets_total | Counter | interface | Total packets observed in netflow cache by interface | --exporter.enable-netflow |
| opnsense_netflow_cache_source_ip_addresses | Gauge | interface | Number of unique source IP addresses in netflow cache by interface | --exporter.enable-netflow |
| opnsense_netflow_cache_destination_ip_addresses | Gauge | interface | Number of unique destination IP addresses in netflow cache by interface | --exporter.enable-netflow |
Network Diagnostics¶
| Metric Name | Type | Labels | Description | Enable Flag |
|---|---|---|---|---|
| opnsense_network_diag_netisr_dispatched_total | Counter | protocol | Total number of netisr dispatches by protocol | --exporter.enable-network-diagnostics |
| opnsense_network_diag_netisr_hybrid_dispatched_total | Counter | protocol | Total number of netisr hybrid dispatches by protocol | --exporter.enable-network-diagnostics |
| opnsense_network_diag_netisr_queued_total | Counter | protocol | Total number of netisr packets queued by protocol | --exporter.enable-network-diagnostics |
| opnsense_network_diag_netisr_handled_total | Counter | protocol | Total number of netisr packets handled by protocol | --exporter.enable-network-diagnostics |
| opnsense_network_diag_netisr_queue_drops_total | Counter | protocol | Total number of netisr queue drops by protocol | --exporter.enable-network-diagnostics |
| opnsense_network_diag_netisr_queue_length | Gauge | protocol | Current maximum netisr queue length across workstreams by protocol | --exporter.enable-network-diagnostics |
| opnsense_network_diag_netisr_queue_watermark | Gauge | protocol | High watermark of netisr queue length across workstreams by protocol | --exporter.enable-network-diagnostics |
| opnsense_network_diag_netisr_queue_limit | Gauge | protocol | Configured netisr queue limit by protocol | --exporter.enable-network-diagnostics |
| opnsense_network_diag_sockets_active | Gauge | type | Number of active sockets by type | --exporter.enable-network-diagnostics |
| opnsense_network_diag_sockets_unix_total | Counter | --- | Total number of active Unix domain sockets | --exporter.enable-network-diagnostics |
| opnsense_network_diag_routes_total | Counter | proto | Number of routing table entries by protocol | --exporter.enable-network-diagnostics |
| opnsense_network_diag_pfsync_nodes_total | Counter | --- | Total number of pfsync cluster nodes | --exporter.enable-network-diagnostics |
| opnsense_network_diag_pfsync_node_info | Gauge | creatorid, is_local | PFSync node information (value is always 1) | --exporter.enable-network-diagnostics |
OpenVPN¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_openvpn_instances | Gauge | uuid, role, description, device_type | OpenVPN instances (1 = enabled, 0 = disabled) by role (server, client) | --exporter.disable-openvpn |
| opnsense_openvpn_sessions | Gauge | description, virtual_address, username | OpenVPN session (1 = ok, 0 = not ok) | --exporter.disable-openvpn |
PF Statistics¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_pf_stats_state_table_entries | Gauge | --- | Current number of entries in the PF state table | --exporter.disable-pf-stats |
| opnsense_pf_stats_state_table_searches_total | Counter | --- | Total number of state table searches | --exporter.disable-pf-stats |
| opnsense_pf_stats_state_table_inserts_total | Counter | --- | Total number of state table inserts | --exporter.disable-pf-stats |
| opnsense_pf_stats_state_table_removals_total | Counter | --- | Total number of state table removals | --exporter.disable-pf-stats |
| opnsense_pf_stats_source_tracking_entries | Gauge | --- | Current number of entries in the source tracking table | --exporter.disable-pf-stats |
| opnsense_pf_stats_counter_total | Counter | counter | Total count of PF counter by name | --exporter.disable-pf-stats |
| opnsense_pf_stats_limit_counter_total | Counter | counter | Total count of PF limit counter by name | --exporter.disable-pf-stats |
| opnsense_pf_stats_memory_limit | Gauge | pool | PF memory pool limit by pool name | --exporter.disable-pf-stats |
| opnsense_pf_stats_timeout_seconds | Gauge | name | PF timeout value in seconds by name | --exporter.disable-pf-stats |
Protocol Statistics¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_protocol_tcp_connection_count_by_state | Gauge | state | Number of TCP connections by state | --- |
| opnsense_protocol_tcp_sent_packets_total | Counter | --- | Number of sent TCP packets | --- |
| opnsense_protocol_tcp_received_packets_total | Counter | --- | Number of received TCP packets | --- |
| opnsense_protocol_arp_sent_requests_total | Counter | --- | Number of sent ARP requests | --- |
| opnsense_protocol_arp_received_requests_total | Counter | --- | Number of received ARP requests | --- |
| opnsense_protocol_icmp_calls_total | Counter | --- | Number of ICMP calls | --- |
| opnsense_protocol_icmp_sent_packets_total | Counter | --- | Number of sent ICMP packets | --- |
| opnsense_protocol_icmp_dropped_by_reason_total | Counter | reason | Number of dropped ICMP packets by reason | --- |
| opnsense_protocol_udp_delivered_packets_total | Counter | --- | Number of delivered UDP packets | --- |
| opnsense_protocol_udp_output_packets_total | Counter | --- | Number of output UDP packets | --- |
| opnsense_protocol_udp_received_datagrams_total | Counter | --- | Number of received UDP datagrams | --- |
| opnsense_protocol_udp_dropped_by_reason_total | Counter | reason | Number of dropped UDP packets by reason | --- |
| opnsense_protocol_carp_received_packets_total | Counter | address_family | Number of received CARP packets | --- |
| opnsense_protocol_carp_sent_packets_total | Counter | address_family | Number of sent CARP packets | --- |
| opnsense_protocol_carp_dropped_by_reason_total | Counter | reason | Number of dropped CARP packets by reason | --- |
| opnsense_protocol_pfsync_received_packets_total | Counter | address_family | Number of received Pfsync packets | --- |
| opnsense_protocol_pfsync_sent_packets_total | Counter | address_family | Number of sent Pfsync packets | --- |
| opnsense_protocol_pfsync_dropped_by_reason_total | Counter | reason | Number of dropped Pfsync packets by reason | --- |
| opnsense_protocol_pfsync_send_errors_total | Counter | --- | Number of Pfsync send errors | --- |
| opnsense_protocol_ip_received_packets_total | Counter | --- | Number of received IP packets | --- |
| opnsense_protocol_ip_forwarded_packets_total | Counter | --- | Number of forwarded IP packets | --- |
| opnsense_protocol_ip_sent_packets_total | Counter | --- | Number of sent IP packets | --- |
| opnsense_protocol_ip_dropped_by_reason_total | Counter | reason | Number of dropped IP packets by reason | --- |
| opnsense_protocol_ip_fragments_received_total | Counter | --- | Number of received IP fragments | --- |
| opnsense_protocol_ip_reassembled_packets_total | Counter | --- | Number of reassembled IP packets | --- |
| opnsense_protocol_tcp_connection_requests_total | Counter | --- | Number of TCP connection requests | --- |
| opnsense_protocol_tcp_connection_accepts_total | Counter | --- | Number of TCP connection accepts | --- |
| opnsense_protocol_tcp_connections_established_total | Counter | --- | Number of TCP connections established | --- |
| opnsense_protocol_tcp_connections_closed_total | Counter | --- | Number of TCP connections closed | --- |
| opnsense_protocol_tcp_connection_drops_total | Counter | --- | Number of TCP connection drops | --- |
| opnsense_protocol_tcp_retransmit_timeouts_total | Counter | --- | Number of TCP retransmit timeouts | --- |
| opnsense_protocol_tcp_keepalive_timeouts_total | Counter | --- | Number of TCP keepalive timeouts | --- |
| opnsense_protocol_tcp_listen_queue_overflows_total | Counter | --- | Number of TCP listen queue overflows | --- |
| opnsense_protocol_tcp_syncache_entries_total | Counter | --- | Number of TCP syncache entries added | --- |
| opnsense_protocol_arp_sent_failures_total | Counter | --- | Number of ARP sent failures | --- |
| opnsense_protocol_arp_sent_replies_total | Counter | --- | Number of ARP sent replies | --- |
| opnsense_protocol_arp_received_replies_total | Counter | --- | Number of ARP received replies | --- |
| opnsense_protocol_arp_received_packets_total | Counter | --- | Number of ARP received packets | --- |
| opnsense_protocol_arp_dropped_no_entry_total | Counter | --- | Number of ARP packets dropped with no entry | --- |
| opnsense_protocol_arp_entries_timeout_total | Counter | --- | Number of ARP entries that timed out | --- |
| opnsense_protocol_tcp_sent_data_bytes_total | Counter | --- | Total bytes of data sent via TCP | --- |
| opnsense_protocol_tcp_retransmitted_packets_total | Counter | --- | Total number of TCP packets retransmitted | --- |
| opnsense_protocol_tcp_retransmitted_bytes_total | Counter | --- | Total bytes retransmitted via TCP | --- |
| opnsense_protocol_tcp_received_in_sequence_bytes_total | Counter | --- | Total bytes received in sequence via TCP | --- |
| opnsense_protocol_tcp_received_duplicate_bytes_total | Counter | --- | Total completely duplicate bytes received via TCP | --- |
| opnsense_protocol_tcp_segments_updated_rtt_total | Counter | --- | Total TCP segments that updated RTT | --- |
| opnsense_protocol_tcp_bad_connection_attempts_total | Counter | --- | Total bad TCP connection attempts | --- |
| opnsense_protocol_tcp_keepalive_probes_total | Counter | --- | Total TCP keepalive probes sent | --- |
| opnsense_protocol_tcp_syncache_dropped_total | Counter | --- | Total TCP syncache entries dropped | --- |
| opnsense_protocol_ip_sent_fragments_total | Counter | --- | Total IP fragments sent | --- |
| opnsense_protocol_arp_dropped_duplicate_address_total | Counter | --- | Total ARP packets dropped due to duplicate address | --- |
Services¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_services_status | Gauge | name, description | Service status by name and description (1 = running, 0 = stopped) | --- |
| opnsense_services_running_total | Counter | --- | Total number of running services | --- |
| opnsense_services_stopped_total | Counter | --- | Total number of stopped services | --- |
System¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_system_memory_total_bytes | Gauge | --- | Total physical memory in bytes | --exporter.disable-system |
| opnsense_system_memory_used_bytes | Gauge | --- | Used physical memory in bytes | --exporter.disable-system |
| opnsense_system_memory_arc_bytes | Gauge | --- | ZFS ARC memory usage in bytes | --exporter.disable-system |
| opnsense_system_uptime_seconds | Gauge | --- | System uptime in seconds | --exporter.disable-system |
| opnsense_system_load_average | Gauge | interval | System load average | --exporter.disable-system |
| opnsense_system_config_last_change | Gauge | --- | Unix timestamp of last configuration change | --exporter.disable-system |
| opnsense_system_disk_total_bytes | Gauge | device, type, mountpoint | Total disk space in bytes | --exporter.disable-system |
| opnsense_system_disk_used_bytes | Gauge | device, type, mountpoint | Used disk space in bytes | --exporter.disable-system |
| opnsense_system_disk_usage_ratio | Gauge | device, type, mountpoint | Disk usage as a ratio from 0.0 to 1.0 | --exporter.disable-system |
| opnsense_system_swap_total_bytes | Gauge | device | Total swap space in bytes | --exporter.disable-system |
| opnsense_system_swap_used_bytes | Gauge | device | Used swap space in bytes | --exporter.disable-system |
| opnsense_system_info | Gauge | hostname, opnsense_version, freebsd_version, openssl_version, cpu_model, cpu_cores, cpu_threads | System information with hostname, OS versions, and CPU details (value is always 1) | --exporter.disable-system |
Temperature¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_temperature_celsius | Gauge | device, type, device_seq | Temperature reading in Celsius | --exporter.disable-temperature |
Unbound DNS¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_unbound_dns_uptime_seconds | Gauge | --- | Uptime of the unbound DNS service in seconds | --exporter.disable-unbound |
| opnsense_unbound_dns_queries_total | Counter | --- | Total number of queries received | --exporter.disable-unbound |
| opnsense_unbound_dns_cache_hits_total | Counter | --- | Total number of cache hits | --exporter.disable-unbound |
| opnsense_unbound_dns_cache_miss_total | Counter | --- | Total number of cache misses | --exporter.disable-unbound |
| opnsense_unbound_dns_prefetch_total | Counter | --- | Total number of cache prefetches | --exporter.disable-unbound |
| opnsense_unbound_dns_expired_total | Counter | --- | Total number of expired entries served | --exporter.disable-unbound |
| opnsense_unbound_dns_recursive_replies_total | Counter | --- | Total number of recursive replies sent | --exporter.disable-unbound |
| opnsense_unbound_dns_queries_timed_out_total | Counter | --- | Total number of queries that timed out | --exporter.disable-unbound |
| opnsense_unbound_dns_queries_ip_ratelimited_total | Counter | --- | Total number of queries that were IP rate limited | --exporter.disable-unbound |
| opnsense_unbound_dns_answers_secure_total | Counter | --- | Total number of DNSSEC secure answers | --exporter.disable-unbound |
| opnsense_unbound_dns_answers_bogus_total | Counter | --- | Total number of DNSSEC bogus answers | --exporter.disable-unbound |
| opnsense_unbound_dns_rrset_bogus_total | Counter | --- | Total number of DNSSEC bogus rrsets | --exporter.disable-unbound |
| opnsense_unbound_dns_queries_by_type_total | Counter | type | Total queries by DNS record type | --exporter.disable-unbound |
| opnsense_unbound_dns_queries_by_protocol_total | Counter | protocol | Total queries by protocol | --exporter.disable-unbound |
| opnsense_unbound_dns_answers_by_rcode_total | Counter | rcode | Total answers by response code | --exporter.disable-unbound |
| opnsense_unbound_dns_unwanted_total | Counter | type | Total number of unwanted queries or replies | --exporter.disable-unbound |
| opnsense_unbound_dns_query_flags_total | Counter | flag | Total queries by DNS flag | --exporter.disable-unbound |
| opnsense_unbound_dns_edns_total | Counter | type | Total EDNS queries by type | --exporter.disable-unbound |
| opnsense_unbound_dns_request_list_avg | Gauge | --- | Average number of requests in the internal request list | --exporter.disable-unbound |
| opnsense_unbound_dns_request_list_max | Gauge | --- | Maximum number of requests in the internal request list | --exporter.disable-unbound |
| opnsense_unbound_dns_recursion_time_avg_seconds | Gauge | --- | Average recursion time in seconds | --exporter.disable-unbound |
| opnsense_unbound_dns_recursion_time_median_seconds | Gauge | --- | Median recursion time in seconds | --exporter.disable-unbound |
| opnsense_unbound_dns_cache_count | Gauge | cache | Number of entries in cache by cache type | --exporter.disable-unbound |
| opnsense_unbound_dns_memory_bytes | Gauge | component | Memory usage in bytes by component | --exporter.disable-unbound |
| opnsense_unbound_dns_request_list_current | Gauge | scope | Current number of requests in the internal request list by scope | --exporter.disable-unbound |
| opnsense_unbound_dns_request_list_overwritten_total | Counter | --- | Total number of request list entries overwritten by newer entries | --exporter.disable-unbound |
| opnsense_unbound_dns_request_list_exceeded_total | Counter | --- | Total number of request list entries that exceeded the maximum | --exporter.disable-unbound |
| opnsense_unbound_dns_tcp_usage_ratio | Gauge | --- | TCP connection usage ratio for the DNS resolver (0.0 to 1.0) | --exporter.disable-unbound |
| opnsense_unbound_dns_blocklist_enabled | Gauge | --- | Whether the DNS blocklist is enabled (1 = enabled, 0 = disabled) | --exporter.disable-unbound |
| opnsense_unbound_dns_service_running | Gauge | --- | Whether the service is running (1 = running, 0 = stopped/disabled) | --exporter.disable-unbound |
Wireguard¶
| Metric Name | Type | Labels | Description | Disable Flag |
|---|---|---|---|---|
| opnsense_wireguard_interfaces_status | Gauge | device, device_type, device_name | Wireguard interface (1 = up, 0 = down) | --exporter.disable-wireguard |
| opnsense_wireguard_peer_status | Gauge | device, device_type, device_name, peer_name | Wireguard peer status (1 = up, 0 = down, 2 = unknown) | --exporter.disable-wireguard |
| opnsense_wireguard_peer_received_bytes_total | Counter | device, device_type, device_name, peer_name | Bytes received by this wireguard peer | --exporter.disable-wireguard |
| opnsense_wireguard_peer_transmitted_bytes_total | Counter | device, device_type, device_name, peer_name | Bytes transmitted by this wireguard peer | --exporter.disable-wireguard |
| opnsense_wireguard_peer_last_handshake_seconds | Gauge | device, device_type, device_name, peer_name | Last handshake by peer in seconds | --exporter.disable-wireguard |
| opnsense_wireguard_service_running | Gauge | --- | Whether the service is running (1 = running, 0 = stopped/disabled) | --exporter.disable-wireguard |