summaryrefslogtreecommitdiffstats
path: root/collectors/charts.d.plugin/libreswan
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2021-02-07 11:45:55 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2021-02-07 11:45:55 +0000
commita8220ab2d293bb7f4b014b79d16b2fb05090fa93 (patch)
tree77f0a30f016c0925cf7ee9292e644bba183c2774 /collectors/charts.d.plugin/libreswan
parentAdding upstream version 1.19.0. (diff)
downloadnetdata-a8220ab2d293bb7f4b014b79d16b2fb05090fa93.tar.xz
netdata-a8220ab2d293bb7f4b014b79d16b2fb05090fa93.zip
Adding upstream version 1.29.0.upstream/1.29.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'collectors/charts.d.plugin/libreswan')
-rw-r--r--collectors/charts.d.plugin/libreswan/README.md20
-rw-r--r--collectors/charts.d.plugin/libreswan/libreswan.chart.sh161
2 files changed, 104 insertions, 77 deletions
diff --git a/collectors/charts.d.plugin/libreswan/README.md b/collectors/charts.d.plugin/libreswan/README.md
index d75c1ea96..b1c1f05e4 100644
--- a/collectors/charts.d.plugin/libreswan/README.md
+++ b/collectors/charts.d.plugin/libreswan/README.md
@@ -1,6 +1,12 @@
-# libreswan
+<!--
+title: "Libreswan IPSec tunnel monitoring with Netdata"
+custom_edit_url: https://github.com/netdata/netdata/edit/master/collectors/charts.d.plugin/libreswan/README.md
+sidebar_label: "Libreswan IPSec tunnels"
+-->
-The plugin will collects bytes-in, bytes-out and uptime for all established libreswan IPSEC tunnels.
+# Libreswan IPSec tunnel monitoring with Netdata
+
+Collects bytes-in, bytes-out and uptime for all established libreswan IPSEC tunnels.
The following charts are created, **per tunnel**:
@@ -13,9 +19,15 @@ The following charts are created, **per tunnel**:
- bytes in
- bytes out
-## configuration
+## Configuration
+
+Edit the `charts.d/libreswan.conf` configuration file using `edit-config` from the Netdata [config
+directory](/docs/configure/nodes.md), which is typically at `/etc/netdata`.
-Its config file is `/etc/netdata/charts.d/libreswan.conf`.
+```bash
+cd /etc/netdata # Replace this path with your Netdata config directory, if different
+sudo ./edit-config charts.d/libreswan.conf
+```
The plugin executes 2 commands to collect all the information it needs:
diff --git a/collectors/charts.d.plugin/libreswan/libreswan.chart.sh b/collectors/charts.d.plugin/libreswan/libreswan.chart.sh
index 1a8f90b11..bfa2b9ea1 100644
--- a/collectors/charts.d.plugin/libreswan/libreswan.chart.sh
+++ b/collectors/charts.d.plugin/libreswan/libreswan.chart.sh
@@ -37,78 +37,93 @@ declare -A libreswan_established_add_time=()
# we need this to avoid converting tunnel names to chart IDs on every iteration
declare -A libreswan_tunnel_charts=()
+is_able_sudo_ipsec() {
+ if ! sudo -n -l "${IPSEC_CMD}" whack --status > /dev/null 2>&1; then
+ return 1
+ fi
+ if ! sudo -n -l "${IPSEC_CMD}" whack --trafficstatus > /dev/null 2>&1; then
+ return 1
+ fi
+ return 0
+}
+
# run the ipsec command
libreswan_ipsec() {
- if [ ${libreswan_sudo} -ne 0 ]; then
- sudo -n "${IPSEC_CMD}" "${@}"
- return $?
- else
- "${IPSEC_CMD}" "${@}"
- return $?
- fi
+ if [ ${libreswan_sudo} -ne 0 ]; then
+ sudo -n "${IPSEC_CMD}" "${@}"
+ return $?
+ else
+ "${IPSEC_CMD}" "${@}"
+ return $?
+ fi
}
# fetch latest values - fill the arrays
libreswan_get() {
- # do all the work to collect / calculate the values
- # for each dimension
-
- # empty the variables
- libreswan_traffic_in=()
- libreswan_traffic_out=()
- libreswan_established_add_time=()
- libreswan_connected_tunnels=()
-
- # convert the ipsec command output to a shell script
- # and source it to get the values
- # shellcheck disable=SC1090
- source <(
- {
- libreswan_ipsec whack --status
- libreswan_ipsec whack --trafficstatus
- } | sed -n \
- -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\".*IPsec SA established.*newest IPSEC.*|libreswan_connected_tunnels[\"\1\"]=\"\2\"|p" \
- -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\",.* add_time=\([0-9]\+\),.* inBytes=\([0-9]\+\),.* outBytes=\([0-9]\+\).*|libreswan_traffic_in[\"\1\"]=\"\4\"; libreswan_traffic_out[\"\1\"]=\"\5\"; libreswan_established_add_time[\"\1\"]=\"\3\";|p"
- ) || return 1
-
- # check we got some data
- [ ${#libreswan_connected_tunnels[@]} -eq 0 ] && return 1
-
- return 0
+ # do all the work to collect / calculate the values
+ # for each dimension
+
+ # empty the variables
+ libreswan_traffic_in=()
+ libreswan_traffic_out=()
+ libreswan_established_add_time=()
+ libreswan_connected_tunnels=()
+
+ # convert the ipsec command output to a shell script
+ # and source it to get the values
+ # shellcheck disable=SC1090
+ source <(
+ {
+ libreswan_ipsec whack --status
+ libreswan_ipsec whack --trafficstatus
+ } | sed -n \
+ -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\".*IPsec SA established.*newest IPSEC.*|libreswan_connected_tunnels[\"\1\"]=\"\2\"|p" \
+ -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\",\{0,1\}.* add_time=\([0-9]\+\),.* inBytes=\([0-9]\+\),.* outBytes=\([0-9]\+\).*|libreswan_traffic_in[\"\1\"]=\"\4\"; libreswan_traffic_out[\"\1\"]=\"\5\"; libreswan_established_add_time[\"\1\"]=\"\3\";|p"
+ ) || return 1
+
+ # check we got some data
+ [ ${#libreswan_connected_tunnels[@]} -eq 0 ] && return 1
+
+ return 0
}
# _check is called once, to find out if this chart should be enabled or not
libreswan_check() {
- # this should return:
- # - 0 to enable the chart
- # - 1 to disable the chart
+ # this should return:
+ # - 0 to enable the chart
+ # - 1 to disable the chart
+
+ require_cmd ipsec || return 1
- require_cmd ipsec || return 1
+ # make sure it is libreswan
+ # shellcheck disable=SC2143
+ if [ -z "$(ipsec --version | grep -i libreswan)" ]; then
+ error "ipsec command is not Libreswan. Disabling Libreswan plugin."
+ return 1
+ fi
- # make sure it is libreswan
- # shellcheck disable=SC2143
- if [ -z "$(ipsec --version | grep -i libreswan)" ]; then
- error "ipsec command is not Libreswan. Disabling Libreswan plugin."
- return 1
- fi
+ if [ ${libreswan_sudo} -ne 0 ] && ! is_able_sudo_ipsec; then
+ error "not enough permissions to execute ipsec with sudo. Disabling Libreswan plugin."
+ return 1
+ fi
- # check that we can collect data
- libreswan_get || return 1
+ # check that we can collect data
+ libreswan_get || return 1
- return 0
+ return 0
}
# create the charts for an ipsec tunnel
libreswan_create_one() {
- local n="${1}" name
+ local n="${1}" name
- name="${libreswan_connected_tunnels[${n}]}"
+ name="${libreswan_connected_tunnels[${n}]}"
- [ ! -z "${libreswan_tunnel_charts[${name}]}" ] && return 0
+ [ -n "${libreswan_tunnel_charts[${name}]}" ] && return 0
- libreswan_tunnel_charts[${name}]="$(fixid "${name}")"
+ libreswan_tunnel_charts[${name}]="$(fixid "${name}")"
- cat <<EOF
+ cat << EOF
CHART libreswan.${libreswan_tunnel_charts[${name}]}_net '${name}_net' "LibreSWAN Tunnel ${name} Traffic" "kilobits/s" "${name}" libreswan.net area $((libreswan_priority)) $libreswan_update_every
DIMENSION in '' incremental 8 1000
DIMENSION out '' incremental -8 1000
@@ -116,35 +131,35 @@ CHART libreswan.${libreswan_tunnel_charts[${name}]}_uptime '${name}_uptime' "Lib
DIMENSION uptime '' absolute 1 1
EOF
- return 0
+ return 0
}
# _create is called once, to create the charts
libreswan_create() {
- local n
- for n in "${!libreswan_connected_tunnels[@]}"; do
- libreswan_create_one "${n}"
- done
- return 0
+ local n
+ for n in "${!libreswan_connected_tunnels[@]}"; do
+ libreswan_create_one "${n}"
+ done
+ return 0
}
libreswan_now=$(date +%s)
# send the values to netdata for an ipsec tunnel
libreswan_update_one() {
- local n="${1}" microseconds="${2}" name id uptime
+ local n="${1}" microseconds="${2}" name id uptime
- name="${libreswan_connected_tunnels[${n}]}"
- id="${libreswan_tunnel_charts[${name}]}"
+ name="${libreswan_connected_tunnels[${n}]}"
+ id="${libreswan_tunnel_charts[${name}]}"
- [ -z "${id}" ] && libreswan_create_one "${name}"
+ [ -z "${id}" ] && libreswan_create_one "${name}"
- uptime=$((libreswan_now - libreswan_established_add_time[${n}]))
- [ ${uptime} -lt 0 ] && uptime=0
+ uptime=$((libreswan_now - libreswan_established_add_time[${n}]))
+ [ ${uptime} -lt 0 ] && uptime=0
- # write the result of the work.
- cat <<VALUESEOF
+ # write the result of the work.
+ cat << VALUESEOF
BEGIN libreswan.${id}_net ${microseconds}
SET in = ${libreswan_traffic_in[${n}]}
SET out = ${libreswan_traffic_out[${n}]}
@@ -157,16 +172,16 @@ VALUESEOF
# _update is called continiously, to collect the values
libreswan_update() {
- # the first argument to this function is the microseconds since last update
- # pass this parameter to the BEGIN statement (see bellow).
+ # the first argument to this function is the microseconds since last update
+ # pass this parameter to the BEGIN statement (see bellow).
- libreswan_get || return 1
- libreswan_now=$(date +%s)
+ libreswan_get || return 1
+ libreswan_now=$(date +%s)
- local n
- for n in "${!libreswan_connected_tunnels[@]}"; do
- libreswan_update_one "${n}" "${@}"
- done
+ local n
+ for n in "${!libreswan_connected_tunnels[@]}"; do
+ libreswan_update_one "${n}" "${@}"
+ done
- return 0
+ return 0
}