blob: 7c4eabcf965f9d8098090773ca88f0347d071a5e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
<!--
title: "Libreswan IPSec tunnel monitoring with Netdata"
custom_edit_url: "https://github.com/netdata/netdata/edit/master/collectors/charts.d.plugin/libreswan/README.md"
sidebar_label: "Libreswan IPSec tunnels"
learn_status: "Published"
learn_topic_type: "References"
learn_rel_path: "References/Collectors references/Networking"
-->
# Libreswan IPSec tunnel monitoring with Netdata
Collects bytes-in, bytes-out and uptime for all established libreswan IPSEC tunnels.
The following charts are created, **per tunnel**:
1. **Uptime**
- the uptime of the tunnel
2. **Traffic**
- bytes in
- bytes out
## Configuration
Edit the `charts.d/libreswan.conf` configuration file using `edit-config` from the Netdata [config
directory](https://github.com/netdata/netdata/blob/master/docs/configure/nodes.md), which is typically at `/etc/netdata`.
```bash
cd /etc/netdata # Replace this path with your Netdata config directory, if different
sudo ./edit-config charts.d/libreswan.conf
```
The plugin executes 2 commands to collect all the information it needs:
```sh
ipsec whack --status
ipsec whack --trafficstatus
```
The first command is used to extract the currently established tunnels, their IDs and their names.
The second command is used to extract the current uptime and traffic.
Most probably user `netdata` will not be able to query libreswan, so the `ipsec` commands will be denied.
The plugin attempts to run `ipsec` as `sudo ipsec ...`, to get access to libreswan statistics.
To allow user `netdata` execute `sudo ipsec ...`, create the file `/etc/sudoers.d/netdata` with this content:
```
netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --status
netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --trafficstatus
```
Make sure the path `/sbin/ipsec` matches your setup (execute `which ipsec` to find the right path).
---
|
