The pf plugin gathers information from the FreeBSD/OpenBSD pf firewall. Currently it can retrieve information about the state table: the number of current entries in the table, and counters for the number of searches, inserts, and removals to the table.
The pf plugin retrieves this information by invoking the pfstat command. The pfstat command requires read access to the device file /dev/pf. You have several options to permit the agent to run the command:
- Run agent as root. This is strongly discouraged.
- Change the ownership and permissions for /dev/pf so that the user the agent runs as can read the /dev/pf device file. This is probably not a good idea either.
- Configure sudo to allow the agent to run pfctl as root. This is the most restrictive option, but requires sudo setup.
You may edit your sudo configuration with the following:
cua ALL=(root) NOPASSWD: /sbin/pfctl -s info
# use sudo to run pfctl
use_sudo = false
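
The sudoers entry above is restrictive because it spells out the full argument list: sudoers matches a command listed without arguments against any arguments. As an added example (not part of the plugin or its documentation), this Python check flags rules for the agent user that grant more than that one command; the user cua and the expected command come from the line above, while the function name and the simplified single-line parsing are assumptions.

```python
import re

# Assumptions taken from the sudoers line on this page: the agent user is
# "cua" and the only command it needs is "/sbin/pfctl -s info".
EXPECTED_CMD = "/sbin/pfctl -s info"

# user host = (runas) TAG: cmd[, cmd...]   (single-line user specs only)
SPEC = re.compile(
    r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?((?:[A-Z]+:\s*)*)(.+)$"
)

def audit_rule(line, user="cua"):
    """Return findings for one sudoers rule; an empty list means it grants
    nothing beyond EXPECTED_CMD as root."""
    m = SPEC.match(line.strip())
    if not m or m.group(1) != user:
        return ["not a rule for user %s" % user]
    runas, cmds = m.group(3), m.group(5)
    findings = []
    # An omitted runas list defaults to root; anything else is wider.
    if runas is not None and runas.strip() != "root":
        findings.append("runas (%s) is wider than (root)" % runas.strip())
    for cmd in (" ".join(c.split()) for c in cmds.split(",")):
        path, _, args = cmd.partition(" ")
        if cmd == "ALL":
            findings.append("ALL grants every command")
        elif path != "/sbin/pfctl":
            findings.append("unexpected command: %s" % cmd)
        elif not args:
            # sudoers: a command listed without arguments matches any arguments
            findings.append("no argument list: any pfctl arguments are allowed")
        elif re.search(r"[*?\[]", args):
            findings.append("wildcard in arguments: %s" % args)
        elif cmd != EXPECTED_CMD:
            findings.append("arguments differ from '-s info': %s" % args)
    return findings

if __name__ == "__main__":
    # Constructed sample rules, not taken from a real system.
    for rule in (
        "cua ALL=(root) NOPASSWD: /sbin/pfctl -s info",
        "cua ALL=(root) NOPASSWD: /sbin/pfctl",
        "cua ALL=(ALL) NOPASSWD: ALL",
    ):
        print(rule, "->", audit_rule(rule) or "ok")
```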