summaryrefslogtreecommitdiffstats
path: root/scripts/munin
diff options
context:
space:
mode:
Diffstat (limited to '')
-rwxr-xr-xscripts/munin/freeradius_acct88
-rwxr-xr-xscripts/munin/freeradius_auth103
-rwxr-xr-xscripts/munin/freeradius_proxy_acct88
-rwxr-xr-xscripts/munin/freeradius_proxy_auth103
-rwxr-xr-xscripts/munin/radsniff246
5 files changed, 628 insertions, 0 deletions
diff --git a/scripts/munin/freeradius_acct b/scripts/munin/freeradius_acct
new file mode 100755
index 0000000..a61627c
--- /dev/null
+++ b/scripts/munin/freeradius_acct
@@ -0,0 +1,88 @@
+#!/bin/sh
+#
+# Plugin to count the daily amount of freeradius authentication packets.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+#
+# Copyright (C) 2008 Alan DeKok <aland@deployingradius.com>
+#
+# Magic markers - optional - used by installation scripts and
+# munin-config:
+#
+#%# family=manual
+#%# capabilities=autoconf
+
+RADMIN=radmin
+SOCKETFILE=/var/run/radiusd/radiusd.sock
+
+if [ "$1" = "autoconf" ]; then
+ #
+ # FIXME: Check if FreeRADIUS is running.
+ #
+ echo yes
+ exit 0
+fi
+
+if [ "$1" = "config" ]; then
+ echo 'graph_title FreeRADIUS Accounting Requests'
+ echo 'graph_args --base 1000 -l 0 '
+ echo 'graph_period second'
+ echo 'graph_vlabel requests / ${graph_period}'
+ echo 'graph_category Other'
+
+ echo 'requests.label Accounting-Requests'
+ echo 'requests.info total received request packets'
+ echo 'requests.type DERIVE'
+ echo 'requests.min 0'
+
+ echo 'responses.label Accounting-Responses'
+ echo 'responses.info total sent response packets'
+ echo 'responses.type DERIVE'
+ echo 'responses.min 0'
+
+ echo 'dup.label Duplicate requests'
+ echo 'dup.info total duplicate request packets'
+ echo 'dup.type DERIVE'
+ echo 'dup.min 0'
+
+ echo 'invalid.label Invalid requests'
+ echo 'invalid.info total invalid request packets'
+ echo 'invalid.type DERIVE'
+ echo 'invalid.min 0'
+
+ echo 'malformed.label Malformed requests'
+ echo 'malformed.info total malformed request packets'
+ echo 'malformed.type DERIVE'
+ echo 'malformed.min 0'
+
+ echo 'bad_signature.label Requests with bad signature'
+ echo 'bad_signature.info total request packets with a bad signature'
+ echo 'bad_signature.type DERIVE'
+ echo 'bad_signature.min 0'
+
+ echo 'dropped.label Dropped requests'
+ echo 'dropped.info total request packets dropped for other reasons'
+ echo 'dropped.type DERIVE'
+ echo 'dropped.min 0'
+
+ echo 'unknown_types.label Unknown type'
+ echo 'unknown_types.info total request packets of unknown type'
+ echo 'unknown_types.type DERIVE'
+ echo 'unknown_types.min 0'
+
+ exit 0
+fi
+
+$RADMIN -f $SOCKETFILE -e "stats client acct" | awk '{print $1".value " $2}'
diff --git a/scripts/munin/freeradius_auth b/scripts/munin/freeradius_auth
new file mode 100755
index 0000000..b602402
--- /dev/null
+++ b/scripts/munin/freeradius_auth
@@ -0,0 +1,103 @@
+#!/bin/sh
+#
+# Plugin to count the daily amount of freeradius authentication packets.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+#
+# Copyright (C) 2008 Alan DeKok <aland@deployingradius.com>
+#
+# Magic markers - optional - used by installation scripts and
+# munin-config:
+#
+#%# family=manual
+#%# capabilities=autoconf
+
+RADMIN=radmin
+SOCKETFILE=/var/run/radiusd/radiusd.sock
+
+if [ "$1" = "autoconf" ]; then
+ #
+ # FIXME: Check if FreeRADIUS is running.
+ #
+ echo yes
+ exit 0
+fi
+
+if [ "$1" = "config" ]; then
+ echo 'graph_title FreeRADIUS Authentication Requests'
+ echo 'graph_args --base 1000 -l 0 '
+ echo 'graph_period second'
+ echo 'graph_vlabel requests / ${graph_period}'
+ echo 'graph_category Other'
+
+ echo 'requests.label Access-Requests'
+ echo 'requests.info total received request packets'
+ echo 'requests.type DERIVE'
+ echo 'requests.min 0'
+
+ echo 'responses.label responses (all types)'
+ echo 'responses.info total sent response packets'
+ echo 'responses.type DERIVE'
+ echo 'responses.min 0'
+
+ echo 'accepts.label Access-Accepts'
+ echo 'accepts.info total sent Access-Accept packets'
+ echo 'accepts.type DERIVE'
+ echo 'accepts.min 0'
+
+ echo 'rejects.label Access-Rejects'
+ echo 'rejects.info total sent Access-Reject packets'
+ echo 'rejects.type DERIVE'
+ echo 'rejects.min 0'
+
+ echo 'challenges.label Access-Challenges'
+ echo 'challenges.info total sent Access-Challenge packets'
+ echo 'challenges.type DERIVE'
+ echo 'challenges.min 0'
+
+ echo 'dup.label Duplicate requests'
+ echo 'dup.info total duplicate request packets'
+ echo 'dup.type DERIVE'
+ echo 'dup.min 0'
+
+ echo 'invalid.label Invalid requests'
+ echo 'invalid.info total invalid request packets'
+ echo 'invalid.type DERIVE'
+ echo 'invalid.min 0'
+
+ echo 'malformed.label Malformed requests'
+ echo 'malformed.info total malformed request packets'
+ echo 'malformed.type DERIVE'
+ echo 'malformed.min 0'
+
+ echo 'bad_signature.label Requests with bad signature'
+ echo 'bad_signature.info total request packets with a bad signature'
+ echo 'bad_signature.type DERIVE'
+ echo 'bad_signature.min 0'
+
+ echo 'dropped.label Dropped requests'
+ echo 'dropped.info total request packets dropped for other reasons'
+ echo 'dropped.type DERIVE'
+ echo 'dropped.min 0'
+
+ echo 'unknown_types.label Unknown type'
+ echo 'unknown_types.info total request packets of unknown type'
+ echo 'unknown_types.type DERIVE'
+ echo 'unknown_types.min 0'
+
+ exit 0
+fi
+
+$RADMIN -f $SOCKETFILE -e "stats client auth" | awk '{print $1".value " $2}'
diff --git a/scripts/munin/freeradius_proxy_acct b/scripts/munin/freeradius_proxy_acct
new file mode 100755
index 0000000..7a8b85b
--- /dev/null
+++ b/scripts/munin/freeradius_proxy_acct
@@ -0,0 +1,88 @@
+#!/bin/sh
+#
+# Plugin to count the daily amount of freeradius authentication packets.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+#
+# Copyright (C) 2008 Alan DeKok <aland@deployingradius.com>
+#
+# Magic markers - optional - used by installation scripts and
+# munin-config:
+#
+#%# family=manual
+#%# capabilities=autoconf
+
+RADMIN=radmin
+SOCKETFILE=/var/run/radiusd/radiusd.sock
+
+if [ "$1" = "autoconf" ]; then
+ #
+ # FIXME: Check if FreeRADIUS is running.
+ #
+ echo yes
+ exit 0
+fi
+
+if [ "$1" = "config" ]; then
+ echo 'graph_title FreeRADIUS Proxied Accounting Requests'
+ echo 'graph_args --base 1000 -l 0 '
+ echo 'graph_period second'
+ echo 'graph_vlabel requests / ${graph_period}'
+ echo 'graph_category Other'
+
+ echo 'requests.label Accounting-Requests'
+ echo 'requests.info total sent request packets'
+ echo 'requests.type DERIVE'
+ echo 'requests.min 0'
+
+ echo 'responses.label Accounting-Responses'
+ echo 'responses.info total received response packets'
+ echo 'responses.type DERIVE'
+ echo 'responses.min 0'
+
+ echo 'dup.label Duplicate requests'
+ echo 'dup.info total duplicate request packets'
+ echo 'dup.type DERIVE'
+ echo 'dup.min 0'
+
+ echo 'invalid.label Invalid requests'
+ echo 'invalid.info total invalid request packets'
+ echo 'invalid.type DERIVE'
+ echo 'invalid.min 0'
+
+ echo 'malformed.label Malformed requests'
+ echo 'malformed.info total malformed request packets'
+ echo 'malformed.type DERIVE'
+ echo 'malformed.min 0'
+
+ echo 'bad_signature.label Requests with bad signature'
+ echo 'bad_signature.info total request packets with a bad signature'
+ echo 'bad_signature.type DERIVE'
+ echo 'bad_signature.min 0'
+
+ echo 'dropped.label Dropped requests'
+ echo 'dropped.info total request packets dropped for other reasons'
+ echo 'dropped.type DERIVE'
+ echo 'dropped.min 0'
+
+ echo 'unknown_types.label Unknown type'
+ echo 'unknown_types.info total request packets of unknown type'
+ echo 'unknown_types.type DERIVE'
+ echo 'unknown_types.min 0'
+
+ exit 0
+fi
+
+$RADMIN -f $SOCKETFILE -e "stats client acct" | awk '{print $1".value " $2}'
diff --git a/scripts/munin/freeradius_proxy_auth b/scripts/munin/freeradius_proxy_auth
new file mode 100755
index 0000000..dbc8617
--- /dev/null
+++ b/scripts/munin/freeradius_proxy_auth
@@ -0,0 +1,103 @@
+#!/bin/sh
+#
+# Plugin to count the daily amount of freeradius authentication packets.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+#
+# Copyright (C) 2008 Alan DeKok <aland@deployingradius.com>
+#
+# Magic markers - optional - used by installation scripts and
+# munin-config:
+#
+#%# family=manual
+#%# capabilities=autoconf
+
+RADMIN=radmin
+SOCKETFILE=/var/run/radiusd/radiusd.sock
+
+if [ "$1" = "autoconf" ]; then
+ #
+ # FIXME: Check if FreeRADIUS is running.
+ #
+ echo yes
+ exit 0
+fi
+
+if [ "$1" = "config" ]; then
+ echo 'graph_title FreeRADIUS Proxied Authentication Requests'
+ echo 'graph_args --base 1000 -l 0 '
+ echo 'graph_period second'
+ echo 'graph_vlabel requests / ${graph_period}'
+ echo 'graph_category Other'
+
+ echo 'requests.label Access-Requests'
+ echo 'requests.info total sent request packets'
+ echo 'requests.type DERIVE'
+ echo 'requests.min 0'
+
+ echo 'responses.label responses (all types)'
+ echo 'responses.info total received response packets'
+ echo 'responses.type DERIVE'
+ echo 'responses.min 0'
+
+ echo 'accepts.label Access-Accepts'
+ echo 'accepts.info total received Access-Accept packets'
+ echo 'accepts.type DERIVE'
+ echo 'accepts.min 0'
+
+ echo 'rejects.label Access-Rejects'
+ echo 'rejects.info total received Access-Reject packets'
+ echo 'rejects.type DERIVE'
+ echo 'rejects.min 0'
+
+ echo 'challenges.label Access-Challenges'
+ echo 'challenges.info total received Access-Challenge packets'
+ echo 'challenges.type DERIVE'
+ echo 'challenges.min 0'
+
+ echo 'dup.label Duplicate requests'
+ echo 'dup.info total duplicate request packets'
+ echo 'dup.type DERIVE'
+ echo 'dup.min 0'
+
+ echo 'invalid.label Invalid requests'
+ echo 'invalid.info total invalid request packets'
+ echo 'invalid.type DERIVE'
+ echo 'invalid.min 0'
+
+ echo 'malformed.label Malformed requests'
+ echo 'malformed.info total malformed request packets'
+ echo 'malformed.type DERIVE'
+ echo 'malformed.min 0'
+
+ echo 'bad_signature.label Requests with bad signature'
+ echo 'bad_signature.info total request packets with a bad signature'
+ echo 'bad_signature.type DERIVE'
+ echo 'bad_signature.min 0'
+
+ echo 'dropped.label Dropped requests'
+ echo 'dropped.info total request packets dropped for other reasons'
+ echo 'dropped.type DERIVE'
+ echo 'dropped.min 0'
+
+ echo 'unknown_types.label Unknown type'
+ echo 'unknown_types.info total request packets of unknown type'
+ echo 'unknown_types.type DERIVE'
+ echo 'unknown_types.min 0'
+
+ exit 0
+fi
+
+$RADMIN -f $SOCKETFILE -e "stats home_server auth" | awk '{print $1".value " $2}'
diff --git a/scripts/munin/radsniff b/scripts/munin/radsniff
new file mode 100755
index 0000000..47f4400
--- /dev/null
+++ b/scripts/munin/radsniff
@@ -0,0 +1,246 @@
+#!/bin/sh
+: << =cut
+
+=head1 NAME
+
+radsniff - A plugin to consume statistics generated by radsniff via collectd RRD files
+
+=head1 APPLICABLE SYSTEMS
+
+radsniff v4 or later
+
+=head1 CONFIGURATION
+
+This plugin uses the following configuration variables:
+
+ [radsniff]
+ env.host - The host collectd thinks the radsniff data
+ originated from (defaults to current host).
+ env.rrd_path - Path to the directory containing rrd files.
+ env.type - Either radius_rtx, radius_latency or radius_count
+ env.pkt_type - The type of packet to graph.
+ env.instance - radsniff instance name (passed to radsniff with -N).
+
+=head1 AUTHOR
+
+Copyright (C) 2014 Arran Cudbard-Bell <a.cudbardb@freeradius.org>
+
+=head1 LICENSE
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+
+=head1 MAGIC MARKERS
+
+ #%# family=manual
+
+=cut
+
+if [ -z "$type" ]; then
+ echo "env.type must be set" >&2
+ exit -1
+fi
+
+if [ -z "$pkt_type" ]; then
+ echo "env.pkt_type must be set" >&2
+ exit -1
+fi
+
+if [ "$1" = "config" ]; then
+ pretty_pkt_type=`echo "$pkt_type" | sed -e 's/_/ /g' | sed 's/^./\U&\E/'`
+
+ case "$type" in
+ radius_rtx)
+ echo "graph_title ${pretty_pkt_type} rtx"
+ echo 'graph_args --base 1000 -l 0 '
+ echo 'graph_period second'
+ echo 'graph_vlabel Exchanged / ${graph_period}'
+ echo 'graph_category RADIUS'
+
+ echo 'none.label no loss'
+ echo 'none.info Responses received after first request'
+ echo 'none.type GAUGE'
+ echo 'none.min 0'
+
+ echo 'one.label 1'
+ echo 'one.info Responses received after one retransmission'
+ echo 'one.type GAUGE'
+ echo 'one.min 0'
+
+ echo 'two.label 2'
+ echo 'two.info Responses received after two retransmissions'
+ echo 'two.type GAUGE'
+ echo 'two.min 0'
+
+ echo 'three.label 3'
+ echo 'three.info Responses received after three retransmissions'
+ echo 'three.type GAUGE'
+ echo 'three.min 0'
+
+ echo 'four.label 4'
+ echo 'four.info Responses received after four retransmissions'
+ echo 'four.type GAUGE'
+ echo 'four.min 0'
+
+ echo 'more.label more'
+ echo 'more.info Responses received after more than four retransmissions'
+ echo 'more.type GAUGE'
+ echo 'more.min 0'
+
+ echo 'lost.label lost'
+ echo 'lost.info Requests to which no response was seen'
+ echo 'lost.type GAUGE'
+ echo 'lost.min 0'
+ ;;
+
+ radius_latency)
+ echo "graph_title ${pretty_pkt_type} latency"
+ echo 'graph_args --base 1000 -l 0 '
+ echo 'graph_vlabel Latency (ms)'
+ echo 'graph_category RADIUS'
+
+ echo 'smoothed.label smoothed avg'
+ echo 'smoothed.info Smoothed average'
+ echo 'smoothed.type GAUGE'
+ echo 'smoothed.min 0'
+
+ echo 'avg.label avg'
+ echo 'avg.info Average latency over the stats interval'
+ echo 'avg.type GAUGE'
+ echo 'avg.min 0'
+
+ echo 'high.label high'
+ echo 'high.info Highest latency over the stats interval'
+ echo 'high.type GAUGE'
+ echo 'high.min 0'
+
+ echo 'low.label low'
+ echo 'low.info Lowest latency over the stats interval'
+ echo 'low.type GAUGE'
+ echo 'low.min 0'
+ ;;
+
+ radius_count)
+ echo "graph_title $pretty_pkt_type counters"
+ echo 'graph_args --base 1000 -l 0 '
+ echo 'graph_period second'
+ echo 'graph_vlabel Packets / ${graph_period}'
+ echo 'graph_category RADIUS'
+
+ echo 'received.label received'
+ echo 'received.info Packets of this type received'
+ echo 'received.type GAUGE'
+ echo 'received.min 0'
+
+ echo 'linked.label linked'
+ echo 'linked.info Packets linked to another request or response'
+ echo 'linked.type GAUGE'
+ echo 'linked.min 0'
+
+ echo 'unlinked.label unlinked'
+ echo 'unlinked.info Packets not linked to another request or response'
+ echo 'unlinked.type GAUGE'
+ echo 'unlinked.min 0'
+
+ echo 'reused.label reused'
+ echo 'reused.info Request which (prematurely) re-used the same ID as a previous request'
+ echo 'reused.type GAUGE'
+ echo 'reused.min 0'
+ ;;
+ *)
+ echo "env.type ($type) is invalid must be radius_rtx, radius_latency, or radius_count" >&2
+ exit -1
+ esac
+ exit 0
+fi
+
+HOST=${host:-`hostname -f`}
+INSTANCE=${instance:-'radsniff'}
+RRD_PATH=${rrd_path:-"/var/lib/collectd/rrd/${HOST}/${INSTANCE}-exchanged"}
+RRD_PATH="${RRD_PATH}/${type}-${pkt_type}.rrd"
+RRD_RES=${rrd_res:-300}
+
+if [ ! -e "$RRD_PATH" ]; then
+ echo "rrd file '$RRD_PATH' does not exist" >&2
+ exit -1
+fi
+
+fetch_data()
+{
+ # RRD tool doesn't always select the correct period (seems
+ # to round up and give us -nan results) in the interest of
+ # gap free graphing, we attempt to get the last two periods
+ # worth of data, and then use the newest non -nan one.
+ # It's not perfect and should be fixed at some point...
+ rrd_last=`rrdtool fetch "$RRD_PATH" $1 -r $RRD_RES -e $(expr $(date +%s) / $RRD_RES \* $RRD_RES) -s end-$(expr $RRD_RES \* 2)`; ret=$?
+ if [ $ret -ne 0 ]; then
+ echo "$rrd_last" >&2
+ exit $ret
+ fi
+ echo "$rrd_last" | head -1
+ echo "$rrd_last" | grep '^[0-9]*:' | grep -v -E '^[0-9]*:( -nan)*$' | tail -1
+}
+
+fetch_data_column()
+{
+ echo "$(fetch_data $1)" | tail -1 | cut -d ' ' -f $(expr $2 + 2)
+}
+
+case "$type" in
+ radius_rtx)
+ col=2
+ rrd_data=$(fetch_data 'AVERAGE')
+ for var in `echo "$rrd_data" | head -1`; do
+ case "$var" in
+ 1) printf "one.value ";;
+ 2) printf "two.value ";;
+ 3) printf "three.value ";;
+ 4) printf "four.value ";;
+ *) printf "$var.value ";;
+ esac
+ echo "$rrd_data" | tail -1 | cut -d ' ' -f $col
+ col=`expr $col + 1`
+ done
+ ;;
+
+ radius_count)
+ col=2
+ rrd_data=$(fetch_data 'AVERAGE')
+ for var in `echo "$rrd_data" | head -1`; do
+ printf "$var.value "
+ echo "$rrd_data" | tail -1 | cut -d ' ' -f $col
+ col=`expr $col + 1`
+ done
+ ;;
+
+ radius_latency)
+ printf "smoothed.value "
+ fetch_data_column 'AVERAGE' 0
+
+ printf "avg.value "
+ fetch_data_column 'AVERAGE' 1
+
+ # Averages here are unacceptable because we use this to detect
+ # abnormally long delays in responses, and if we average all the highs
+ # over a five minute period, transient spikes in latency may be lost.
+ printf "high.value "
+ fetch_data_column 'MAX' 2
+
+ # Again we need the lowest value of the set here, as an abnormally
+ # quick response may indicate something is wrong.
+ printf "low.value "
+ fetch_data_column 'MIN' 3
+ ;;
+esac
+exit 0