From: Robin Roevens <robin.roevens@disroot.org>
To: development@lists.ipfire.org
Cc: Robin Roevens <robin.roevens@disroot.org>
Subject: [PATCH 3/6] zabbix_agentd: Add WireGuard specific monitoring items
Date: Thu, 17 Jul 2025 19:52:02 +0200 [thread overview]
Message-ID: <20250717180805.5754-4-robin.roevens@disroot.org> (raw)
In-Reply-To: <20250717180805.5754-1-robin.roevens@disroot.org>
Adds new IPFire specific monitoring capabilities to Zabbix Agent:
- ipfire.wireguard.peers.discovery: Discovery of configured WireGuard
clients. Returns a JSON array.
- ipfire.wireguard.statusreport.get: Parses and returns output of
`wireguardctrl dump` as a JSON array.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
---
config/rootfiles/packages/zabbix_agentd | 1 +
config/zabbix_agentd/sudoers | 2 +-
config/zabbix_agentd/userparameter_wireguard.conf | 6 ++++++
lfs/zabbix_agentd | 2 ++
4 files changed, 10 insertions(+), 1 deletion(-)
create mode 100644 config/zabbix_agentd/userparameter_wireguard.conf
diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd
index cc75a49bd..52cb37e93 100644
--- a/config/rootfiles/packages/zabbix_agentd
+++ b/config/rootfiles/packages/zabbix_agentd
@@ -22,6 +22,7 @@ var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf
var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf
var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
+var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf
var/ipfire/zabbix_agentd/scripts
var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers
index 921e20c89..57273a2c8 100644
--- a/config/zabbix_agentd/sudoers
+++ b/config/zabbix_agentd/sudoers
@@ -9,6 +9,6 @@
#
Defaults:zabbix !requiretty
zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat
-zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log
+zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log, /usr/local/bin/wireguardctrl dump
zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/userparameter_wireguard.conf b/config/zabbix_agentd/userparameter_wireguard.conf
new file mode 100644
index 000000000..b7925288a
--- /dev/null
+++ b/config/zabbix_agentd/userparameter_wireguard.conf
@@ -0,0 +1,6 @@
+# Parameters for monitoring IPFire WireGuard specific metrics
+#
+# Discovery of configured WireGuard peers
+UserParameter=ipfire.wireguard.peers.discovery,cat /var/ipfire/wireguard/peers 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{\"{#NAME}\":\"%s\",\"{#ID}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK_B64}\":\"%s\",\"{#TYPE}\":\"%s\"}", separator, $4, $5, $2, $11, $3; separator = ","; } END { print "]" }'
+# Get Wireguard status report
+UserParameter=ipfire.wireguard.statusreport.get,sudo /usr/local/bin/wireguardctrl dump | awk 'BEGIN { ORS = ""; print "[" } NR>1 { printf "%s{\"id\":\"%s\",\"endpoint\":\"%s\",\"allowed_ip\":\"%s\",\"handshake_timestamp\":%s,\"bytes_in\":%s,\"bytes_out\":%s}", separator, $1, $3, $4, $5, $6, $7; separator = ","; } END { print "]" }'
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index ebd184628..6d0a6b4ea 100644
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -114,6 +114,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
/var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_gateway.conf \
/var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
+ install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_wireguard.conf \
+ /var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf
# Install IPFire-specific Zabbix Agent scripts
-mkdir -pv /var/ipfire/zabbix_agentd/scripts
--
2.50.1
--
Dit bericht is gescanned op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.
next prev parent reply other threads:[~2025-07-17 18:08 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-17 17:51 [PATCH 0/6] zabbix_agentd: More functionality + CRITICAL OpenVPN fixes Robin Roevens
2025-07-17 17:52 ` [PATCH 1/6] zabbix_agentd: Update to 7.0.16 (LTS) Robin Roevens
2025-07-17 17:52 ` [PATCH 2/6] zabbix_agentd: Add ARPing method for checking Internet Gateway Robin Roevens
2025-07-17 17:52 ` Robin Roevens [this message]
2025-07-17 17:52 ` [PATCH 4/6] zabbix_agentd: Add LocationDB functionality Robin Roevens
2025-07-17 17:52 ` [PATCH 5/6] zabbix_agentd: Openvpn-2.6: fix pid name for services stats Robin Roevens
2025-07-17 17:52 ` [PATCH 6/6] zabbix_agentd: Openvpn-2.6: use the helper binary to read the status log Robin Roevens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250717180805.5754-4-robin.roevens@disroot.org \
--to=robin.roevens@disroot.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox