[PATCH 0/6] zabbix_agentd: More functionality + CRITICAL OpenVPN fixes

[PATCH 0/6] zabbix_agentd: More functionality + CRITICAL OpenVPN fixes

[Robin Roevens]

Hi all,

A new version of the Zabbix Agent, fixing a few bugs.
But also added IPFire specific functionality:
- ARPing for internet gateway checking as an alternative next to ICMP
  ping in case ICMP ping is not available for some reason
- WireGuard stats and peer monitoring.
  Now that WireGuard has hit IPFire, Zabbix should be able to monitor 
  it now natively like it can for OpenVPN.
- LocationDB functionality. 
  With this Zabbix can query the IPFire locationDB through the IPFire 
  zabbix_agentd. I had this idea from the WireGuard status page on the 
  IPFire WUI where the location of the endpoint IP is shown, and I 
  wanted Zabbix to be able to do the same. 
  Now it can for any IP (in theory from any source it monitors).
- OpenVPN fixes: last but certainly not least as this is a CRITICAL
  patch:
  I saw a lot of OpenVPN patches last few days, and checked them for any
  changes that could impact the current Zabbix OpenVPN monitoring and
  found that the pid file was renamed and that the statistics log was
  renamed and should now be consulted using the openvpnctrl helper.
  So I changed the IPFire agent config accordingly.

I hope this patch can hit the same Core Update as the OpenVPN patches
to prevent the agent from no longer being able to monitor OpenVPN and
malfunctioning until next CU.

Regards

Robin

-- 
Dit bericht is gescanned op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.

[PATCH 1/6] zabbix_agentd: Update to 7.0.16 (LTS)

[Robin Roevens]

- Update from version 7.0.11 to 7.0.16
- Update of rootfile not required

Bugs fixed:
ZBX-26080	Fixed old file descriptors being held when external log rotation is used
ZBX-26121	Added default flags to net.dns.get arguments when none are specified
ZBX-26055	Fixed failure to refresh active checks when next refresh was faster than 60 seconds

Full changelogs since 7.0.11:
- https://www.zabbix.com/rn/rn7.0.12
- https://www.zabbix.com/rn/rn7.0.13
- https://www.zabbix.com/rn/rn7.0.14
- https://www.zabbix.com/rn/rn7.0.15
- https://www.zabbix.com/rn/rn7.0.16

Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
---
 lfs/zabbix_agentd | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index dbe2088fb..c2b8533b4 100644
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Zabbix Agent
 
-VER        = 7.0.11
+VER        = 7.0.16
 
 THISAPP    = zabbix-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = zabbix_agentd
-PAK_VER    = 17
+PAK_VER    = 18
 
 DEPS       = fping
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 0c6544c64febc51e6fc153863b46e333d9d5564c83f40b71362a15c0533d48e50e5c340b35b2ca0dd1d776d0452f4aae42dc44d4e0e4b2c5949df02efbc7fc06
+$(DL_FILE)_BLAKE2 = 5b5ae98fd9ff819b0a202ad566fc4e9523991f67a13a0967986299cafe962e54c7769dffe821b59c55bd2b6e437ea913a6f7074bf9275cdb1bf433eeeb193117
 
 install : $(TARGET)
 
-- 
2.50.1


-- 
Dit bericht is gescanned op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.

[PATCH 2/6] zabbix_agentd: Add ARPing method for checking Internet Gateway

[Robin Roevens]

Since some ISP's block ICMP ping to their gateway ARPing can be an alternative.
This change adds arping alternatives for the regular (icmp) ping checks:
- ipfire.net.gateway.arping: Check if the Internet Gateway is reachable via ARPing
- ipfire.net.gateway.arpingtime: Measure the time it takes to ARPing the Internet Gateway

Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
---
 config/rootfiles/packages/zabbix_agentd         |  1 +
 config/zabbix_agentd/sudoers                    |  3 ++-
 config/zabbix_agentd/userparameter_gateway.conf | 12 ++++++++++++
 config/zabbix_agentd/userparameter_ipfire.conf  |  4 ----
 lfs/zabbix_agentd                               |  2 ++
 5 files changed, 17 insertions(+), 5 deletions(-)
 create mode 100644 config/zabbix_agentd/userparameter_gateway.conf

diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd
index ffa66f307..cc75a49bd 100644
--- a/config/rootfiles/packages/zabbix_agentd
+++ b/config/rootfiles/packages/zabbix_agentd
@@ -21,6 +21,7 @@ var/ipfire/zabbix_agentd/userparameters
 var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
+var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
 var/ipfire/zabbix_agentd/scripts
 var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
 var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers
index 78e175980..921e20c89 100644
--- a/config/zabbix_agentd/sudoers
+++ b/config/zabbix_agentd/sudoers
@@ -8,6 +8,7 @@
 # To add more sudo rights to zabbix agent, you should modify the sudoers file zabbix_agentd_user
 #
 Defaults:zabbix !requiretty
-zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/local/bin/getipstat, /bin/cat /var/run/ovpnserver.log
+zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat
+zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log
 zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
 zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/userparameter_gateway.conf b/config/zabbix_agentd/userparameter_gateway.conf
new file mode 100644
index 000000000..cfae001ae
--- /dev/null
+++ b/config/zabbix_agentd/userparameter_gateway.conf
@@ -0,0 +1,12 @@
+# Parameters to monitor Internet gateway connectivity
+#
+# ICMP Ping
+# Internet Gateway ping timings, can be used to measure "Internet Line Quality"
+UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2
+# Internet Gateway availability, can be used to check Internet connection
+UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? == 0 ]; echo $?
+# ARP Ping
+# Internet Gateway ping timings, can be used to measure "Internet Line Quality" when ICMP ping is not available
+UserParameter=ipfire.net.gateway.arpingtime,sudo /usr/sbin/arping -i red0 -c 3 gateway | awk 'match($0, /time=([0-9\.]+) (\w+)$/, arr) { n++; if (arr[2] == "usec") { arr[1]/=1000; }; sum+=arr[1] } END { print sum / n }'
+# Internet Gateway availability, can be used to check Internet connection when ICMP ping is not available
+UserParameter=ipfire.net.gateway.arping,sudo /usr/sbin/arping -q -c 3 gateway; [ ! $? == 0 ]; echo $?
diff --git a/config/zabbix_agentd/userparameter_ipfire.conf b/config/zabbix_agentd/userparameter_ipfire.conf
index c8ead1608..e88c20298 100644
--- a/config/zabbix_agentd/userparameter_ipfire.conf
+++ b/config/zabbix_agentd/userparameter_ipfire.conf
@@ -1,9 +1,5 @@
 # Parameters for monitoring IPFire specific metrics
 #
-# Internet Gateway ping timings, can be used to measure "Internet Line Quality"
-UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2
-# Internet Gateway availability, can be used to check Internet connection
-UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? == 0 ]; echo $?
 # Firewall Filter Forward chain drops in bytes/chain (JSON), can be used for discovery of firewall chains and monitoring of firewall hits on each chain
 UserParameter=ipfire.net.fw.hits.raw,sudo /usr/local/bin/getipstat -xf | grep "/\* DROP_.* \*/$" | awk 'BEGIN { ORS = ""; print "["} { printf "%s{\"chain\": \"%s\", \"bytes\": \"%s\"}", separator, substr($11, 6), $2; separator = ", "; } END { print"]" }'
 # Number of currently Active DHCP leases
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index c2b8533b4..ebd184628 100644
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -112,6 +112,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		/var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf
 	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_ovpn.conf \
 		/var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
+	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_gateway.conf \
+		/var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
 
 	# Install IPFire-specific Zabbix Agent scripts
 	-mkdir -pv /var/ipfire/zabbix_agentd/scripts
-- 
2.50.1


-- 
Dit bericht is gescanned op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.

[PATCH 3/6] zabbix_agentd: Add WireGuard specific monitoring items

[Robin Roevens]

Adds new IPFire specific monitoring capabilities to Zabbix Agent:
- ipfire.wireguard.peers.discovery: Discovery of configured WireGuard
  clients. Returns a JSON array.
- ipfire.wireguard.statusreport.get: Parses and returns output of
  `wireguardctrl dump` as a JSON array.

Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
---
 config/rootfiles/packages/zabbix_agentd           | 1 +
 config/zabbix_agentd/sudoers                      | 2 +-
 config/zabbix_agentd/userparameter_wireguard.conf | 6 ++++++
 lfs/zabbix_agentd                                 | 2 ++
 4 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 config/zabbix_agentd/userparameter_wireguard.conf

diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd
index cc75a49bd..52cb37e93 100644
--- a/config/rootfiles/packages/zabbix_agentd
+++ b/config/rootfiles/packages/zabbix_agentd
@@ -22,6 +22,7 @@ var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
+var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf
 var/ipfire/zabbix_agentd/scripts
 var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
 var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers
index 921e20c89..57273a2c8 100644
--- a/config/zabbix_agentd/sudoers
+++ b/config/zabbix_agentd/sudoers
@@ -9,6 +9,6 @@
 #
 Defaults:zabbix !requiretty
 zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat
-zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log
+zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log, /usr/local/bin/wireguardctrl dump
 zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
 zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/userparameter_wireguard.conf b/config/zabbix_agentd/userparameter_wireguard.conf
new file mode 100644
index 000000000..b7925288a
--- /dev/null
+++ b/config/zabbix_agentd/userparameter_wireguard.conf
@@ -0,0 +1,6 @@
+# Parameters for monitoring IPFire WireGuard specific metrics
+#
+# Discovery of configured WireGuard peers
+UserParameter=ipfire.wireguard.peers.discovery,cat /var/ipfire/wireguard/peers 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{\"{#NAME}\":\"%s\",\"{#ID}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK_B64}\":\"%s\",\"{#TYPE}\":\"%s\"}", separator, $4, $5, $2, $11, $3; separator = ","; } END { print "]" }'
+# Get Wireguard status report
+UserParameter=ipfire.wireguard.statusreport.get,sudo /usr/local/bin/wireguardctrl dump | awk 'BEGIN { ORS = ""; print "[" } NR>1 { printf "%s{\"id\":\"%s\",\"endpoint\":\"%s\",\"allowed_ip\":\"%s\",\"handshake_timestamp\":%s,\"bytes_in\":%s,\"bytes_out\":%s}", separator, $1, $3, $4, $5, $6, $7; separator = ","; } END { print "]" }'
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index ebd184628..6d0a6b4ea 100644
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -114,6 +114,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		/var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
 	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_gateway.conf \
 		/var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
+	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_wireguard.conf \
+		/var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf
 
 	# Install IPFire-specific Zabbix Agent scripts
 	-mkdir -pv /var/ipfire/zabbix_agentd/scripts
-- 
2.50.1


-- 
Dit bericht is gescanned op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.

[PATCH 4/6] zabbix_agentd: Add LocationDB functionality

[Robin Roevens]

Adds new IPFire specific monitoring capabilities to Zabbix Agent:
- ipfire.locationdb.lookup[<ip>,<ip>,...]: Perform IPFire LocationDB lookups
  from within Zabbix. Returns a JSON dict.
- ipfire.locationdb.version: Get LocationDB version timestamp in unixtime.

Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
---
 config/rootfiles/packages/zabbix_agentd            | 1 +
 config/zabbix_agentd/userparameter_locationdb.conf | 6 ++++++
 lfs/zabbix_agentd                                  | 2 ++
 3 files changed, 9 insertions(+)
 create mode 100644 config/zabbix_agentd/userparameter_locationdb.conf

diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd
index 52cb37e93..7f1f39b64 100644
--- a/config/rootfiles/packages/zabbix_agentd
+++ b/config/rootfiles/packages/zabbix_agentd
@@ -23,6 +23,7 @@ var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf
+var/ipfire/zabbix_agentd/userparameters/userparameter_locationdb.conf
 var/ipfire/zabbix_agentd/scripts
 var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
 var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/userparameter_locationdb.conf b/config/zabbix_agentd/userparameter_locationdb.conf
new file mode 100644
index 000000000..4aa540762
--- /dev/null
+++ b/config/zabbix_agentd/userparameter_locationdb.conf
@@ -0,0 +1,6 @@
+# Parameters for querying IPFire Location DB
+#
+# Returns Location DB lookup for one or more IP addresses
+UserParameter=ipfire.locationdb.lookup[*],/usr/bin/location lookup $1 $2 $3 $4 $5 $6 $7 $8 $9 2>&1 | awk -F"[[:space:]]*:[[:space:]]*" 'BEGIN { printf "{" } /[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+:/ { printf "%s\"%s\":{",separator,$$1; separator = "," } /^[[:space:]]*Network/ { printf "\"network\":\"" $$2 "\"" } /^[[:space:]]*Country/ { printf ",\"country\":\"" $$2 "\"" } /^[[:space:]]*Autonomous System/ { printf ",\"as\":\"" $$2 "\"}" } /Errno [[:digit:]]+/ { printf "\"error\":\"%s\"",$$0 } END { printf "}" }'
+# Returns the Unix timestamp of the IPFire Location DB version
+UserParameter=ipfire.locationdb.version,date -d"$(/usr/bin/location version)" +%s
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index 6d0a6b4ea..db43bd611 100644
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -116,6 +116,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		/var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
 	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_wireguard.conf \
 		/var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf
+	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_locationdb.conf \
+		/var/ipfire/zabbix_agentd/userparameters/userparameter_locationdb.conf
 
 	# Install IPFire-specific Zabbix Agent scripts
 	-mkdir -pv /var/ipfire/zabbix_agentd/scripts
-- 
2.50.1


-- 
Dit bericht is gescanned op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.

[PATCH 5/6] zabbix_agentd: Openvpn-2.6: fix pid name for services stats

[Robin Roevens]

Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
---
 config/zabbix_agentd/ipfire_services.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/zabbix_agentd/ipfire_services.pl b/config/zabbix_agentd/ipfire_services.pl
index 653b606ee..d3f9855ba 100755
--- a/config/zabbix_agentd/ipfire_services.pl
+++ b/config/zabbix_agentd/ipfire_services.pl
@@ -100,7 +100,7 @@ my %services = (
         # OpenVPN Roadwarrior
         'OpenVPN Roadwarrior Server' => {
                 "process" => "openvpn",
-                "pidfile" => "/var/run/openvpn.pid",
+                "pidfile" => "/var/run/openvpn-rw.pid",
         }
 );
 
-- 
2.50.1


-- 
Dit bericht is gescanned op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.

[PATCH 6/6] zabbix_agentd: Openvpn-2.6: use the helper binary to read the status log

[Robin Roevens]

Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
---
 config/zabbix_agentd/sudoers                 | 2 +-
 config/zabbix_agentd/userparameter_ovpn.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers
index 57273a2c8..50a9e69de 100644
--- a/config/zabbix_agentd/sudoers
+++ b/config/zabbix_agentd/sudoers
@@ -9,6 +9,6 @@
 #
 Defaults:zabbix !requiretty
 zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat
-zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log, /usr/local/bin/wireguardctrl dump
+zabbix ALL=(ALL) NOPASSWD: /usr/local/bin/openvpnctrl rw log, /usr/local/bin/wireguardctrl dump
 zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
 zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/userparameter_ovpn.conf b/config/zabbix_agentd/userparameter_ovpn.conf
index a7a6d8535..d2ce10bb3 100644
--- a/config/zabbix_agentd/userparameter_ovpn.conf
+++ b/config/zabbix_agentd/userparameter_ovpn.conf
@@ -3,7 +3,7 @@
 # Discovery of configured ovpn clients
 UserParameter=ipfire.ovpn.clients.discovery,cat /var/ipfire/ovpn/ovpnconfig 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{\"{#NAME}\":\"%s\",\"{#COMMONNAME}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK}\":\"%s\",\"{#TYPE}\":\"%s\"}", separator, $3, $4, $2, $27, $5; separator = ","; } END { print "]" }'
 # Get OpenVPN status report
-UserParameter=ipfire.ovpn.statusreport.get,sudo cat /var/run/ovpnserver.log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf "\"timestamp\":%s,\"clients\":[",unixtime($2) } /^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],\"routing_table\":["; separator = "" } /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }'
+UserParameter=ipfire.ovpn.statusreport.get,sudo /usr/local/bin/openvpnctrl rw log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf "\"timestamp\":%s,\"clients\":[",unixtime($2) } /^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],\"routing_table\":["; separator = "" } /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }'
 # Get OpenVPN client certificate details
 UserParameter=ipfire.ovpn.clientcert[*],sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/certs/$1cert.pem
 UserParameter=ipfire.ovpn.cacert,sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/ca/cacert.pem
-- 
2.50.1


-- 
Dit bericht is gescanned op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.