From: Robin Roevens <robin.roevens@disroot.org>
To: development@lists.ipfire.org
Cc: Robin Roevens <robin.roevens@disroot.org>
Subject: [PATCH 6/6] zabbix_agentd: Openvpn-2.6: use the helper binary to read the status log
Date: Thu, 17 Jul 2025 19:52:05 +0200 [thread overview]
Message-ID: <20250717180805.5754-7-robin.roevens@disroot.org> (raw)
In-Reply-To: <20250717180805.5754-1-robin.roevens@disroot.org>
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
---
config/zabbix_agentd/sudoers | 2 +-
config/zabbix_agentd/userparameter_ovpn.conf | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers
index 57273a2c8..50a9e69de 100644
--- a/config/zabbix_agentd/sudoers
+++ b/config/zabbix_agentd/sudoers
@@ -9,6 +9,6 @@
#
Defaults:zabbix !requiretty
zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat
-zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log, /usr/local/bin/wireguardctrl dump
+zabbix ALL=(ALL) NOPASSWD: /usr/local/bin/openvpnctrl rw log, /usr/local/bin/wireguardctrl dump
zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/userparameter_ovpn.conf b/config/zabbix_agentd/userparameter_ovpn.conf
index a7a6d8535..d2ce10bb3 100644
--- a/config/zabbix_agentd/userparameter_ovpn.conf
+++ b/config/zabbix_agentd/userparameter_ovpn.conf
@@ -3,7 +3,7 @@
# Discovery of configured ovpn clients
UserParameter=ipfire.ovpn.clients.discovery,cat /var/ipfire/ovpn/ovpnconfig 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{\"{#NAME}\":\"%s\",\"{#COMMONNAME}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK}\":\"%s\",\"{#TYPE}\":\"%s\"}", separator, $3, $4, $2, $27, $5; separator = ","; } END { print "]" }'
# Get OpenVPN status report
-UserParameter=ipfire.ovpn.statusreport.get,sudo cat /var/run/ovpnserver.log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf "\"timestamp\":%s,\"clients\":[",unixtime($2) } /^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],\"routing_table\":["; separator = "" } /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }'
+UserParameter=ipfire.ovpn.statusreport.get,sudo /usr/local/bin/openvpnctrl rw log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf "\"timestamp\":%s,\"clients\":[",unixtime($2) } /^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],\"routing_table\":["; separator = "" } /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }'
# Get OpenVPN client certificate details
UserParameter=ipfire.ovpn.clientcert[*],sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/certs/$1cert.pem
UserParameter=ipfire.ovpn.cacert,sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/ca/cacert.pem
--
2.50.1
--
Dit bericht is gescanned op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.
prev parent reply other threads:[~2025-07-17 18:08 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-17 17:51 [PATCH 0/6] zabbix_agentd: More functionality + CRITICAL OpenVPN fixes Robin Roevens
2025-07-17 17:52 ` [PATCH 1/6] zabbix_agentd: Update to 7.0.16 (LTS) Robin Roevens
2025-07-17 17:52 ` [PATCH 2/6] zabbix_agentd: Add ARPing method for checking Internet Gateway Robin Roevens
2025-07-17 17:52 ` [PATCH 3/6] zabbix_agentd: Add WireGuard specific monitoring items Robin Roevens
2025-07-17 17:52 ` [PATCH 4/6] zabbix_agentd: Add LocationDB functionality Robin Roevens
2025-07-17 17:52 ` [PATCH 5/6] zabbix_agentd: Openvpn-2.6: fix pid name for services stats Robin Roevens
2025-07-17 17:52 ` Robin Roevens [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250717180805.5754-7-robin.roevens@disroot.org \
--to=robin.roevens@disroot.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox