Hi all
A new version of the zabbix_agentd LTS, containing a few bug fixes.
As an additional patch I have added 2 new metrics (items) to the agent for the user to check if they want: - ipfire.ovpn.clients.discovery which returns a JSON string with all configured ovpn clients from /var/ipfire/ovpn/ovpnconfig. This can be used by Zabbix to automatically discover any configured openvpn clients and start monitoring them. - ipfire.ovpn.statusreport.gget which returns a JSON string with the parsed content of /var/run/ovpnserver.log. This can be used by Zabbix to effectively monitor discovered configured clients: bytes in/out, connection state, last activity, remote IP, VPN IP.
This will of course be documented on the wiki when the patch is merged.
For reference, the download link for the zabbix_agentd source used in this patch: https://cdn.zabbix.com/zabbix/sources/stable/6.0/zabbix-6.0.19.tar.gz
Regards
Robin
- Update from version 6.0.16 to 6.0.19 - Update of rootfile not required
Bugs fixed: - ZBX-22798: Incorrect output of vfs.file.contents when reading frequently modified file - ZBX-22470: Zabbix Agent locks in tls_recv() when using DebugLevel=5 - ZBX-21892: vfs.fs.get returns wrong data if multiple file systems have identical mount point
Full changelogs since 6.0.16: - https://www.zabbix.com/rn/rn6.0.17 - https://www.zabbix.com/rn/rn6.0.18 - https://www.zabbix.com/rn/rn6.0.19 --- lfs/zabbix_agentd | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index afda5023c..9e72ad977 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -26,7 +26,7 @@ include Config
SUMMARY = Zabbix Agent
-VER = 6.0.16 +VER = 6.0.19
THISAPP = zabbix-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = zabbix_agentd -PAK_VER = 8 +PAK_VER = 9
DEPS = fping
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 87f7c043f30ef9902b3673e2d444e37b32ef998d178fa5718ed9aa098f841f23237d79e54985ba3a415a86433a685387af33810f53a78837be6a1aa2870ed65a +$(DL_FILE)_BLAKE2 = b454a3622d3fdeda886ce4722e24116c44c74768bc5dcfe1cd6aa7c90a245121532d24842cfd47538349d08ca5b6577b6f0e75eec165f304a050512eafe608ba
install : $(TARGET)
Added new IPFire specific monitoring capabilities to Zabbix Agent: - ipfire.ovpn.clients.discovery: Discovery of configured ovpn clients. Returns a JSON array. - ipfire.ovpn.statusreport.get: Parses and returns /var/run/ovpnserver.log in a JSON array
Since /var/run/ovpnserver.log is only readable by root, 'cat' of that file is added to sudoers.d/zabbix_agentd. --- config/zabbix_agentd/sudoers | 2 +- config/zabbix_agentd/userparameter_ipfire.conf | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index 2d71ae78f..d93ec5d55 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -8,4 +8,4 @@ # To add more sudo rights to zabbix agent, you should modify the sudoers file zabbix_agentd_user # Defaults:zabbix !requiretty -zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/local/bin/getipstat +zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/local/bin/getipstat, /bin/cat /var/run/ovpnserver.log diff --git a/config/zabbix_agentd/userparameter_ipfire.conf b/config/zabbix_agentd/userparameter_ipfire.conf index c5a636edf..b8b512d82 100644 --- a/config/zabbix_agentd/userparameter_ipfire.conf +++ b/config/zabbix_agentd/userparameter_ipfire.conf @@ -9,4 +9,10 @@ UserParameter=ipfire.net.fw.hits.raw,sudo /usr/local/bin/getipstat -xf | grep "/ # Number of currently Active DHCP leases UserParameter=ipfire.dhcpd.clients,grep -s -E 'lease|bind' /var/state/dhcp/dhcpd.leases | sed ':a;/{$/{N;s/\n//;ba}' | grep "state active" | wc -l # Number of Captive Portal clients -UserParameter=ipfire.captive.clients,awk -F ',' 'length($2) == 17 {sum += 1} END {if (length(sum) == 0) print 0; else print sum}' /var/ipfire/captive/clients \ No newline at end of file +UserParameter=ipfire.captive.clients,awk -F ',' 'length($2) == 17 {sum += 1} END {if (length(sum) == 0) print 0; else print sum}' /var/ipfire/captive/clients +# Discovery of configured ovpn clients +UserParameter=ipfire.ovpn.clients.discovery,cat /var/ipfire/ovpn/ovpnconfig 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{"{#NAME}":"%s","{#COMMONNAME}":"%s","{#STATE}":"%s","{#REMARK}":"%s","{#TYPE}":"%s"}", separator, $3, $4, $2, $27, $5; separator = ","; } END { print "]" }' +# Get OpenVPN status report +UserParameter=ipfire.ovpn.statusreport.get,sudo cat /var/run/ovpnserver.log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf ""timestamp":%s,"clients":[",unixtime($2) } /^.+,[0-9]+.[0-9]+.[0-9]+.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{"common_name":"%s","real_address":"%s","bytes_in":"%s","bytes_out":"%s","connected_since":"%s"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],"routing_table":["; separator = "" } /^[0-9]+.[0-9]+.[0-9]+.[0-9]+,.+,[0-9]+.[0-9]+.[0-9]+.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{"common_name":"%s","virtual_address":"%s","real_address":"%s","last_ref":"%s"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }' +# Allow item key to be called with (unused) parameters. This allows the #SINGLETON method of discovering this item only when openvpn service is active +Alias=ipfire.ovpn.statusreport.get[]:ipfire.ovpn.statusreport.get \ No newline at end of file
-
Robin Roevens