diff options
Diffstat (limited to 'collectors/python.d.plugin/freeradius')
-rw-r--r-- | collectors/python.d.plugin/freeradius/Makefile.inc | 13 | ||||
-rw-r--r-- | collectors/python.d.plugin/freeradius/README.md | 90 | ||||
-rw-r--r-- | collectors/python.d.plugin/freeradius/freeradius.chart.py | 177 | ||||
-rw-r--r-- | collectors/python.d.plugin/freeradius/freeradius.conf | 80 |
4 files changed, 360 insertions, 0 deletions
diff --git a/collectors/python.d.plugin/freeradius/Makefile.inc b/collectors/python.d.plugin/freeradius/Makefile.inc new file mode 100644 index 0000000..54aa649 --- /dev/null +++ b/collectors/python.d.plugin/freeradius/Makefile.inc @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +# THIS IS NOT A COMPLETE Makefile +# IT IS INCLUDED BY ITS PARENT'S Makefile.am +# IT IS REQUIRED TO REFERENCE ALL FILES RELATIVE TO THE PARENT + +# install these files +dist_python_DATA += freeradius/freeradius.chart.py +dist_pythonconfig_DATA += freeradius/freeradius.conf + +# do not install these files, but include them in the distribution +dist_noinst_DATA += freeradius/README.md freeradius/Makefile.inc + diff --git a/collectors/python.d.plugin/freeradius/README.md b/collectors/python.d.plugin/freeradius/README.md new file mode 100644 index 0000000..2993c89 --- /dev/null +++ b/collectors/python.d.plugin/freeradius/README.md @@ -0,0 +1,90 @@ +<!-- +title: "FreeRADIUS monitoring with Netdata" +custom_edit_url: https://github.com/netdata/netdata/edit/master/collectors/python.d.plugin/freeradius/README.md +sidebar_label: "FreeRADIUS" +--> + +# FreeRADIUS monitoring with Netdata + +Uses the `radclient` command to provide freeradius statistics. It is not recommended to run it every second. + +It produces: + +1. **Authentication counters:** + + - access-accepts + - access-rejects + - auth-dropped-requests + - auth-duplicate-requests + - auth-invalid-requests + - auth-malformed-requests + - auth-unknown-types + +2. **Accounting counters:** [optional] + + - accounting-requests + - accounting-responses + - acct-dropped-requests + - acct-duplicate-requests + - acct-invalid-requests + - acct-malformed-requests + - acct-unknown-types + +3. **Proxy authentication counters:** [optional] + + - proxy-access-accepts + - proxy-access-rejects + - proxy-auth-dropped-requests + - proxy-auth-duplicate-requests + - proxy-auth-invalid-requests + - proxy-auth-malformed-requests + - proxy-auth-unknown-types + +4. **Proxy accounting counters:** [optional] + + - proxy-accounting-requests + - proxy-accounting-responses + - proxy-acct-dropped-requests + - proxy-acct-duplicate-requests + - proxy-acct-invalid-requests + - proxy-acct-malformed-requests + - proxy-acct-unknown-typesa + +## Configuration + +Edit the `python.d/freeradius.conf` configuration file using `edit-config` from the Netdata [config +directory](/docs/configure/nodes.md), which is typically at `/etc/netdata`. + +```bash +cd /etc/netdata # Replace this path with your Netdata config directory, if different +sudo ./edit-config python.d/freeradius.conf +``` + +Sample: + +```yaml +local: + host : 'localhost' + port : '18121' + secret : 'adminsecret' + acct : False # Freeradius accounting statistics. + proxy_auth : False # Freeradius proxy authentication statistics. + proxy_acct : False # Freeradius proxy accounting statistics. +``` + +**Freeradius server configuration:** + +The configuration for the status server is automatically created in the sites-available directory. +By default, server is enabled and can be queried from every client. +FreeRADIUS will only respond to status-server messages, if the status-server virtual server has been enabled. + +To do this, create a link from the sites-enabled directory to the status file in the sites-available directory: + +- cd sites-enabled +- ln -s ../sites-available/status status + +and restart/reload your FREERADIUS server. + +--- + +[![analytics](https://www.google-analytics.com/collect?v=1&aip=1&t=pageview&_s=1&ds=github&dr=https%3A%2F%2Fgithub.com%2Fnetdata%2Fnetdata&dl=https%3A%2F%2Fmy-netdata.io%2Fgithub%2Fcollectors%2Fpython.d.plugin%2Ffreeradius%2FREADME&_u=MAC~&cid=5792dfd7-8dc4-476b-af31-da2fdb9f93d2&tid=UA-64295674-3)](<>) diff --git a/collectors/python.d.plugin/freeradius/freeradius.chart.py b/collectors/python.d.plugin/freeradius/freeradius.chart.py new file mode 100644 index 0000000..161d57e --- /dev/null +++ b/collectors/python.d.plugin/freeradius/freeradius.chart.py @@ -0,0 +1,177 @@ +# -*- coding: utf-8 -*- +# Description: freeradius netdata python.d module +# Author: ilyam8 +# SPDX-License-Identifier: GPL-3.0-or-later + +import re +from subprocess import Popen, PIPE + +from bases.FrameworkServices.SimpleService import SimpleService +from bases.collection import find_binary + +update_every = 15 + +PARSER = re.compile(r'((?<=-)[AP][a-zA-Z-]+) = (\d+)') + +RADIUS_MSG = 'Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 15, Response-Packet-Type = Access-Accept' + +RADCLIENT_RETRIES = 1 +RADCLIENT_TIMEOUT = 1 + +DEFAULT_HOST = 'localhost' +DEFAULT_PORT = 18121 +DEFAULT_DO_ACCT = False +DEFAULT_DO_PROXY_AUTH = False +DEFAULT_DO_PROXY_ACCT = False + +ORDER = [ + 'authentication', + 'accounting', + 'proxy-auth', + 'proxy-acct', +] + +CHARTS = { + 'authentication': { + 'options': [None, 'Authentication', 'packets/s', 'authentication', 'freerad.auth', 'line'], + 'lines': [ + ['access-accepts', None, 'incremental'], + ['access-rejects', None, 'incremental'], + ['auth-dropped-requests', 'dropped-requests', 'incremental'], + ['auth-duplicate-requests', 'duplicate-requests', 'incremental'], + ['auth-invalid-requests', 'invalid-requests', 'incremental'], + ['auth-malformed-requests', 'malformed-requests', 'incremental'], + ['auth-unknown-types', 'unknown-types', 'incremental'] + ] + }, + 'accounting': { + 'options': [None, 'Accounting', 'packets/s', 'accounting', 'freerad.acct', 'line'], + 'lines': [ + ['accounting-requests', 'requests', 'incremental'], + ['accounting-responses', 'responses', 'incremental'], + ['acct-dropped-requests', 'dropped-requests', 'incremental'], + ['acct-duplicate-requests', 'duplicate-requests', 'incremental'], + ['acct-invalid-requests', 'invalid-requests', 'incremental'], + ['acct-malformed-requests', 'malformed-requests', 'incremental'], + ['acct-unknown-types', 'unknown-types', 'incremental'] + ] + }, + 'proxy-auth': { + 'options': [None, 'Proxy Authentication', 'packets/s', 'authentication', 'freerad.proxy.auth', 'line'], + 'lines': [ + ['proxy-access-accepts', 'access-accepts', 'incremental'], + ['proxy-access-rejects', 'access-rejects', 'incremental'], + ['proxy-auth-dropped-requests', 'dropped-requests', 'incremental'], + ['proxy-auth-duplicate-requests', 'duplicate-requests', 'incremental'], + ['proxy-auth-invalid-requests', 'invalid-requests', 'incremental'], + ['proxy-auth-malformed-requests', 'malformed-requests', 'incremental'], + ['proxy-auth-unknown-types', 'unknown-types', 'incremental'] + ] + }, + 'proxy-acct': { + 'options': [None, 'Proxy Accounting', 'packets/s', 'accounting', 'freerad.proxy.acct', 'line'], + 'lines': [ + ['proxy-accounting-requests', 'requests', 'incremental'], + ['proxy-accounting-responses', 'responses', 'incremental'], + ['proxy-acct-dropped-requests', 'dropped-requests', 'incremental'], + ['proxy-acct-duplicate-requests', 'duplicate-requests', 'incremental'], + ['proxy-acct-invalid-requests', 'invalid-requests', 'incremental'], + ['proxy-acct-malformed-requests', 'malformed-requests', 'incremental'], + ['proxy-acct-unknown-types', 'unknown-types', 'incremental'] + ] + } +} + + +def radclient_status(radclient, retries, timeout, host, port, secret): + # radclient -r 1 -t 1 -x 127.0.0.1:18121 status secret + + return '{radclient} -r {num_retries} -t {timeout} -x {host}:{port} status {secret}'.format( + radclient=radclient, + num_retries=retries, + timeout=timeout, + host=host, + port=port, + secret=secret, + ).split() + + +class Service(SimpleService): + def __init__(self, configuration=None, name=None): + SimpleService.__init__(self, configuration=configuration, name=name) + self.order = ORDER + self.definitions = CHARTS + self.host = self.configuration.get('host', DEFAULT_HOST) + self.port = self.configuration.get('port', DEFAULT_PORT) + self.secret = self.configuration.get('secret') + self.do_acct = self.configuration.get('acct', DEFAULT_DO_ACCT) + self.do_proxy_auth = self.configuration.get('proxy_auth', DEFAULT_DO_PROXY_AUTH) + self.do_proxy_acct = self.configuration.get('proxy_acct', DEFAULT_DO_PROXY_ACCT) + self.echo = find_binary('echo') + self.radclient = find_binary('radclient') + self.sub_echo = [self.echo, RADIUS_MSG] + self.sub_radclient = radclient_status( + self.radclient, RADCLIENT_RETRIES, RADCLIENT_TIMEOUT, self.host, self.port, self.secret, + ) + + def check(self): + if not self.radclient: + self.error("Can't locate 'radclient' binary or binary is not executable by netdata user") + return False + + if not self.echo: + self.error("Can't locate 'echo' binary or binary is not executable by netdata user") + return None + + if not self.secret: + self.error("'secret' isn't set") + return None + + if not self.get_raw_data(): + self.error('Request returned no data. Is server alive?') + return False + + if not self.do_acct: + self.order.remove('accounting') + + if not self.do_proxy_auth: + self.order.remove('proxy-auth') + + if not self.do_proxy_acct: + self.order.remove('proxy-acct') + + return True + + def get_data(self): + """ + Format data received from shell command + :return: dict + """ + result = self.get_raw_data() + + if not result: + return None + + return dict( + (key.lower(), value) for key, value in PARSER.findall(result) + ) + + def get_raw_data(self): + """ + The following code is equivalent to + 'echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 15, Response-Packet-Type = Access-Accept" + | radclient -t 1 -r 1 host:port status secret' + :return: str + """ + try: + process_echo = Popen(self.sub_echo, stdout=PIPE, stderr=PIPE, shell=False) + process_rad = Popen(self.sub_radclient, stdin=process_echo.stdout, stdout=PIPE, stderr=PIPE, shell=False) + process_echo.stdout.close() + raw_result = process_rad.communicate()[0] + except OSError: + return None + + if process_rad.returncode is 0: + return raw_result.decode() + + return None diff --git a/collectors/python.d.plugin/freeradius/freeradius.conf b/collectors/python.d.plugin/freeradius/freeradius.conf new file mode 100644 index 0000000..74b2737 --- /dev/null +++ b/collectors/python.d.plugin/freeradius/freeradius.conf @@ -0,0 +1,80 @@ +# netdata python.d.plugin configuration for freeradius +# +# This file is in YaML format. Generally the format is: +# +# name: value +# +# There are 2 sections: +# - global variables +# - one or more JOBS +# +# JOBS allow you to collect values from multiple sources. +# Each source will have its own set of charts. +# +# JOB parameters have to be indented (using spaces only, example below). + +# ---------------------------------------------------------------------- +# Global Variables +# These variables set the defaults for all JOBs, however each JOB +# may define its own, overriding the defaults. + +# update_every sets the default data collection frequency. +# If unset, the python.d.plugin default is used. +# update_every: 1 + +# priority controls the order of charts at the netdata dashboard. +# Lower numbers move the charts towards the top of the page. +# If unset, the default for python.d.plugin is used. +# priority: 60000 + +# penalty indicates whether to apply penalty to update_every in case of failures. +# Penalty will increase every 5 failed updates in a row. Maximum penalty is 10 minutes. +# penalty: yes + +# autodetection_retry sets the job re-check interval in seconds. +# The job is not deleted if check fails. +# Attempts to start the job are made once every autodetection_retry. +# This feature is disabled by default. +# autodetection_retry: 0 + +# ---------------------------------------------------------------------- +# JOBS (data collection sources) +# +# The default JOBS share the same *name*. JOBS with the same name +# are mutually exclusive. Only one of them will be allowed running at +# any time. This allows autodetection to try several alternatives and +# pick the one that works. +# +# Any number of jobs is supported. +# +# All python.d.plugin JOBS (for all its modules) support a set of +# predefined parameters. These are: +# +# job_name: +# name: myname # the JOB's name as it will appear at the +# # dashboard (by default is the job_name) +# # JOBs sharing a name are mutually exclusive +# update_every: 1 # the JOB's data collection frequency +# priority: 60000 # the JOB's order on the dashboard +# penalty: yes # the JOB's penalty +# autodetection_retry: 0 # the JOB's re-check interval in seconds +# +# Additionally to the above, freeradius also supports the following: +# +# host: 'host' # Default: 'localhost'. Server ip address or hostname. +# port: 'port' # Default: '18121'. Port on which freeradius server listen (type = status). +# secret: 'secret' # Default: 'adminsecret'. +# acct: yes/no # Default: no. Freeradius accounting statistics. +# proxy_auth: yes/no # Default: no. Freeradius proxy authentication statistics. +# proxy_acct: yes/no # Default: no. Freeradius proxy accounting statistics. +# +# ------------------------------------------------------------------------------------------------------------------ +# Freeradius server configuration: +# The configuration for the status server is automatically created in the sites-available directory. +# By default, server is enabled and can be queried from every client. +# FreeRADIUS will only respond to status-server messages, if the status-server virtual server has been enabled. +# To do this, create a link from the sites-enabled directory to the status file in the sites-available directory: +# cd sites-enabled +# ln -s ../sites-available/status status +# and restart/reload your FREERADIUS server. +# ------------------------------------------------------------------------------------------------------------------ |