author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-02-07 11:45:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-02-07 11:45:55 +0000 |
commit | a8220ab2d293bb7f4b014b79d16b2fb05090fa93 (patch) | |
tree | 77f0a30f016c0925cf7ee9292e644bba183c2774 /collectors/charts.d.plugin/libreswan | |
parent | Adding upstream version 1.19.0. (diff) | |
Adding upstream version 1.29.0.upstream/1.29.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'collectors/charts.d.plugin/libreswan')
-rw-r--r-- | collectors/charts.d.plugin/libreswan/README.md | 20 | ||||
-rw-r--r-- | collectors/charts.d.plugin/libreswan/libreswan.chart.sh | 161 |
2 files changed, 104 insertions, 77 deletions
diff --git a/collectors/charts.d.plugin/libreswan/README.md b/collectors/charts.d.plugin/libreswan/README.md index d75c1ea96..b1c1f05e4 100644 --- a/collectors/charts.d.plugin/libreswan/README.md +++ b/collectors/charts.d.plugin/libreswan/README.md @@ -1,6 +1,12 @@ -# libreswan +<!-- +title: "Libreswan IPSec tunnel monitoring with Netdata" +custom_edit_url: https://github.com/netdata/netdata/edit/master/collectors/charts.d.plugin/libreswan/README.md +sidebar_label: "Libreswan IPSec tunnels" +--> -The plugin will collects bytes-in, bytes-out and uptime for all established libreswan IPSEC tunnels. +# Libreswan IPSec tunnel monitoring with Netdata + +Collects bytes-in, bytes-out and uptime for all established libreswan IPSEC tunnels. The following charts are created, **per tunnel**: @@ -13,9 +19,15 @@ The following charts are created, **per tunnel**: - bytes in - bytes out -## configuration +## Configuration + +Edit the `charts.d/libreswan.conf` configuration file using `edit-config` from the Netdata [config +directory](/docs/configure/nodes.md), which is typically at `/etc/netdata`. -Its config file is `/etc/netdata/charts.d/libreswan.conf`. +```bash +cd /etc/netdata # Replace this path with your Netdata config directory, if different +sudo ./edit-config charts.d/libreswan.conf +``` The plugin executes 2 commands to collect all the information it needs: diff --git a/collectors/charts.d.plugin/libreswan/libreswan.chart.sh b/collectors/charts.d.plugin/libreswan/libreswan.chart.sh index 1a8f90b11..bfa2b9ea1 100644 --- a/collectors/charts.d.plugin/libreswan/libreswan.chart.sh +++ b/collectors/charts.d.plugin/libreswan/libreswan.chart.sh 
@@ -37,78 +37,93 @@ declare -A libreswan_established_add_time=() # we need this to avoid converting tunnel names to chart IDs on every iteration declare -A libreswan_tunnel_charts=() +is_able_sudo_ipsec() { + if ! sudo -n -l "${IPSEC_CMD}" whack --status > /dev/null 2>&1; then + return 1 + fi + if ! sudo -n -l "${IPSEC_CMD}" whack --trafficstatus > /dev/null 2>&1; then + return 1 + fi + return 0 +} + # run the ipsec command libreswan_ipsec() { - if [ ${libreswan_sudo} -ne 0 ]; then - sudo -n "${IPSEC_CMD}" "${@}" - return $? - else - "${IPSEC_CMD}" "${@}" - return $? - fi + if [ ${libreswan_sudo} -ne 0 ]; then + sudo -n "${IPSEC_CMD}" "${@}" + return $? + else + "${IPSEC_CMD}" "${@}" + return $? + fi } # fetch latest values - fill the arrays libreswan_get() { - # do all the work to collect / calculate the values - # for each dimension - - # empty the variables - libreswan_traffic_in=() - libreswan_traffic_out=() - libreswan_established_add_time=() - libreswan_connected_tunnels=() - - # convert the ipsec command output to a shell script - # and source it to get the values - # shellcheck disable=SC1090 - source <( - { - libreswan_ipsec whack --status - libreswan_ipsec whack --trafficstatus - } | sed -n \ - -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\".*IPsec SA established.*newest IPSEC.*|libreswan_connected_tunnels[\"\1\"]=\"\2\"|p" \ - -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\",.* add_time=\([0-9]\+\),.* inBytes=\([0-9]\+\),.* outBytes=\([0-9]\+\).*|libreswan_traffic_in[\"\1\"]=\"\4\"; libreswan_traffic_out[\"\1\"]=\"\5\"; libreswan_established_add_time[\"\1\"]=\"\3\";|p" - ) || return 1 - - # check we got some data - [ ${#libreswan_connected_tunnels[@]} -eq 0 ] && return 1 - - return 0 + # do all the work to collect / calculate the values + # for each dimension + + # empty the variables + libreswan_traffic_in=() + libreswan_traffic_out=() + libreswan_established_add_time=() + libreswan_connected_tunnels=() + + # convert the ipsec command output to a shell script + # and 
source it to get the values + # shellcheck disable=SC1090 + source <( + { + libreswan_ipsec whack --status + libreswan_ipsec whack --trafficstatus + } | sed -n \ + -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\".*IPsec SA established.*newest IPSEC.*|libreswan_connected_tunnels[\"\1\"]=\"\2\"|p" \ + -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\",\{0,1\}.* add_time=\([0-9]\+\),.* inBytes=\([0-9]\+\),.* outBytes=\([0-9]\+\).*|libreswan_traffic_in[\"\1\"]=\"\4\"; libreswan_traffic_out[\"\1\"]=\"\5\"; libreswan_established_add_time[\"\1\"]=\"\3\";|p" + ) || return 1 + + # check we got some data + [ ${#libreswan_connected_tunnels[@]} -eq 0 ] && return 1 + + return 0 } # _check is called once, to find out if this chart should be enabled or not libreswan_check() { - # this should return: - # - 0 to enable the chart - # - 1 to disable the chart + # this should return: + # - 0 to enable the chart + # - 1 to disable the chart + + require_cmd ipsec || return 1 - require_cmd ipsec || return 1 + # make sure it is libreswan + # shellcheck disable=SC2143 + if [ -z "$(ipsec --version | grep -i libreswan)" ]; then + error "ipsec command is not Libreswan. Disabling Libreswan plugin." + return 1 + fi - # make sure it is libreswan - # shellcheck disable=SC2143 - if [ -z "$(ipsec --version | grep -i libreswan)" ]; then - error "ipsec command is not Libreswan. Disabling Libreswan plugin." - return 1 - fi + if [ ${libreswan_sudo} -ne 0 ] && ! is_able_sudo_ipsec; then + error "not enough permissions to execute ipsec with sudo. Disabling Libreswan plugin." + return 1 + fi - # check that we can collect data - libreswan_get || return 1 + # check that we can collect data + libreswan_get || return 1 - return 0 + return 0 } # create the charts for an ipsec tunnel libreswan_create_one() { - local n="${1}" name + local n="${1}" name - name="${libreswan_connected_tunnels[${n}]}" + name="${libreswan_connected_tunnels[${n}]}" - [ ! 
-z "${libreswan_tunnel_charts[${name}]}" ] && return 0 + [ -n "${libreswan_tunnel_charts[${name}]}" ] && return 0 - libreswan_tunnel_charts[${name}]="$(fixid "${name}")" + libreswan_tunnel_charts[${name}]="$(fixid "${name}")" - cat <<EOF + cat << EOF CHART libreswan.${libreswan_tunnel_charts[${name}]}_net '${name}_net' "LibreSWAN Tunnel ${name} Traffic" "kilobits/s" "${name}" libreswan.net area $((libreswan_priority)) $libreswan_update_every DIMENSION in '' incremental 8 1000 DIMENSION out '' incremental -8 1000 @@ -116,35 +131,35 @@ CHART libreswan.${libreswan_tunnel_charts[${name}]}_uptime '${name}_uptime' "Lib DIMENSION uptime '' absolute 1 1 EOF - return 0 + return 0 } # _create is called once, to create the charts libreswan_create() { - local n - for n in "${!libreswan_connected_tunnels[@]}"; do - libreswan_create_one "${n}" - done - return 0 + local n + for n in "${!libreswan_connected_tunnels[@]}"; do + libreswan_create_one "${n}" + done + return 0 } libreswan_now=$(date +%s) # send the values to netdata for an ipsec tunnel libreswan_update_one() { - local n="${1}" microseconds="${2}" name id uptime + local n="${1}" microseconds="${2}" name id uptime - name="${libreswan_connected_tunnels[${n}]}" - id="${libreswan_tunnel_charts[${name}]}" + name="${libreswan_connected_tunnels[${n}]}" + id="${libreswan_tunnel_charts[${name}]}" - [ -z "${id}" ] && libreswan_create_one "${name}" + [ -z "${id}" ] && libreswan_create_one "${name}" - uptime=$((libreswan_now - libreswan_established_add_time[${n}])) - [ ${uptime} -lt 0 ] && uptime=0 + uptime=$((libreswan_now - libreswan_established_add_time[${n}])) + [ ${uptime} -lt 0 ] && uptime=0 - # write the result of the work. - cat <<VALUESEOF + # write the result of the work. + cat << VALUESEOF BEGIN libreswan.${id}_net ${microseconds} SET in = ${libreswan_traffic_in[${n}]} SET out = ${libreswan_traffic_out[${n}]} 
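Review bot: `libreswan_get` still turns the `ipsec whack` output into shell text and hands it to `source`, and the tunnel name captured by `\"\(.*\)\"` is pasted between double quotes without any escaping, so a connection name that contains `$(`, a backtick or a `"` would be evaluated by the collector rather than stored as data. This commit only relaxes the second sed expression (`\",\{0,1\}`) and keeps that pattern, including when `libreswan_sudo` is set. Reading the output line by line and assigning the regex captures straight into the arrays removes the evaluation step; a sketch follows. The same unescaped `${name}` also lands inside single quotes on the `CHART` line in `libreswan_create_one`, which probably deserves the same care.

```shell
libreswan_get() {
  # … unchanged: reset of the four arrays …

  local line
  local re_sa='[0-9]+ #([0-9]+): "(.*)".*IPsec SA established.*newest IPSEC'
  local re_traffic='[0-9]+ #([0-9]+): "(.*)",?.* add_time=([0-9]+),.* inBytes=([0-9]+),.* outBytes=([0-9]+)'

  # captures are assigned as data; nothing read from ipsec is evaluated as shell
  while IFS= read -r line; do
    if [[ "${line}" =~ ${re_sa} ]]; then
      libreswan_connected_tunnels["${BASH_REMATCH[1]}"]="${BASH_REMATCH[2]}"
    elif [[ "${line}" =~ ${re_traffic} ]]; then
      libreswan_traffic_in["${BASH_REMATCH[1]}"]="${BASH_REMATCH[4]}"
      libreswan_traffic_out["${BASH_REMATCH[1]}"]="${BASH_REMATCH[5]}"
      libreswan_established_add_time["${BASH_REMATCH[1]}"]="${BASH_REMATCH[3]}"
    fi
  done < <(
    libreswan_ipsec whack --status
    libreswan_ipsec whack --trafficstatus
  )

  # … unchanged: empty-result check and return …
}
```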
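Review bot: In `libreswan_update_one` the fallback `[ -z "${id}" ] && libreswan_create_one "${name}"` passes the tunnel name, but `libreswan_create_one` treats its argument as the state number and looks it up in `libreswan_connected_tunnels` (compare `libreswan_create`, which passes `"${n}"`). For a tunnel that first appears after startup that lookup presumably comes back empty, and `id` is never re-read afterwards, so the `BEGIN libreswan.${id}_net` line that follows goes out with an empty chart id. The re-indent carries this over unchanged; I would make it `[ -z "${id}" ] && libreswan_create_one "${n}" && id="${libreswan_tunnel_charts[${name}]}"`. `libreswan_update_one` continues past the end of this hunk.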
@@ -157,16 +172,16 @@ VALUESEOF # _update is called continiously, to collect the values libreswan_update() { - # the first argument to this function is the microseconds since last update - # pass this parameter to the BEGIN statement (see bellow). + # the first argument to this function is the microseconds since last update + # pass this parameter to the BEGIN statement (see bellow). - libreswan_get || return 1 - libreswan_now=$(date +%s) + libreswan_get || return 1 + libreswan_now=$(date +%s) - local n - for n in "${!libreswan_connected_tunnels[@]}"; do - libreswan_update_one "${n}" "${@}" - done + local n + for n in "${!libreswan_connected_tunnels[@]}"; do + libreswan_update_one "${n}" "${@}" + done - return 0 + return 0 } |