Merge pull request #1418 from pimlie/feat-add-wireguard-plugin
feat: add wireguard plugin
This commit is contained in:
commit
83f4e970c4
Binary file not shown.
After Width: | Height: | Size: 16 KiB |
Binary file not shown.
After Width: | Height: | Size: 26 KiB |
|
@ -0,0 +1,187 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# -*- sh -*-
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
: << =cut
|
||||||
|
|
||||||
|
=head1 NAME
|
||||||
|
|
||||||
|
wireguard_ - Wildcard-plugin to monitor wireguard peer count and traffic
|
||||||
|
|
||||||
|
=head1 CONFIGURATION
|
||||||
|
|
||||||
|
This plugin does not normally require configuration.
|
||||||
|
|
||||||
|
The plugin needs to run as root to be able to call the wg show
|
||||||
|
command. This is configured like this:
|
||||||
|
|
||||||
|
[wireguard_*]
|
||||||
|
user root
|
||||||
|
|
||||||
|
This is a wildcard plugin which by default monitors all wireguard
|
||||||
|
interfaces. To monitor a single wireguard interface, link
|
||||||
|
wireguard_<interface> to this file. For example,
|
||||||
|
|
||||||
|
ln -s /usr/share/munin/plugins/wireguard_ \
|
||||||
|
/etc/munin/plugins/wireguard_wg0
|
||||||
|
|
||||||
|
will monitor wg0.
|
||||||
|
|
||||||
|
|
||||||
|
=head1 AUTHOR
|
||||||
|
|
||||||
|
Original author unknown
|
||||||
|
|
||||||
|
Copyright (C) 2024 pimlie
|
||||||
|
|
||||||
|
=head1 LICENSE
|
||||||
|
|
||||||
|
MIT
|
||||||
|
|
||||||
|
=head1 MAGIC MARKERS
|
||||||
|
|
||||||
|
#%# family=auto
|
||||||
|
#%# capabilities=autoconf suggest
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
. "$MUNIN_LIBDIR/plugins/plugin.sh"
|
||||||
|
|
||||||
|
INTERFACE=${0##*wireguard_}
|
||||||
|
|
||||||
|
function wg_exists {
|
||||||
|
command -v wg >/dev/null
|
||||||
|
return $?
|
||||||
|
}
|
||||||
|
|
||||||
|
function wg_interfaces {
|
||||||
|
show_all=$1
|
||||||
|
for iface in $(wg show interfaces | tr " " "\n"); do
|
||||||
|
# Filter interfaces if needed
|
||||||
|
if [ -z "$show_all" ] \
|
||||||
|
&& [ -n "$INTERFACE" ] \
|
||||||
|
&& [ "$INTERFACE" != "$iface" ]; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "$iface"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
function wg_peers {
|
||||||
|
iface=$1
|
||||||
|
|
||||||
|
# From wg 8 manpage:
|
||||||
|
# If dump is specified, then several lines are printed; the first contains
|
||||||
|
# in order separated by tab: private-key, public-key, listen-port, fwmark.
|
||||||
|
# Subsequent lines are printed for each peer and contain in order separated
|
||||||
|
# by tab: public-key, preshared-key, endpoint, allowed-ips, latest-handshake,
|
||||||
|
# transfer-rx, transfer-tx, persistent-keepalive
|
||||||
|
for line in $(wg show "$iface" dump | tr '\t' ';'); do
|
||||||
|
column_count=$(awk -F';' '{print NF}' <<< "$line")
|
||||||
|
if [ "$column_count" -ne 8 ]; then
|
||||||
|
# First line of dump contains interface info, ignore this line
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "$line"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
function safe_peer_id {
|
||||||
|
unsafe_peer_id=$1
|
||||||
|
|
||||||
|
echo "${unsafe_peer_id//[.:]/_}"
|
||||||
|
}
|
||||||
|
|
||||||
|
case $1 in
|
||||||
|
autoconf)
|
||||||
|
if wg_exists; then
|
||||||
|
echo "yes"
|
||||||
|
else
|
||||||
|
echo "no (wg command not found)"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
suggest)
|
||||||
|
if wg_exists; then
|
||||||
|
wg_interfaces 1
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
config)
|
||||||
|
# Config for peer count per interface graph
|
||||||
|
cat << EOF
|
||||||
|
multigraph wireguard_peercount
|
||||||
|
graph_title interface peer count
|
||||||
|
graph_vlabel Number of peers
|
||||||
|
graph_category wireguard
|
||||||
|
graph_info This graph shows the number of peers per wireguard interface
|
||||||
|
EOF
|
||||||
|
|
||||||
|
for iface in $(wg_interfaces); do
|
||||||
|
# List config for all interfaces
|
||||||
|
cat <<EOF
|
||||||
|
pc_on_$iface.label $iface
|
||||||
|
pc_on_$iface.info Interface $iface
|
||||||
|
pc_on_$iface.min 0
|
||||||
|
EOF
|
||||||
|
done
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
for iface in $(wg_interfaces); do
|
||||||
|
# Config for peer traffic
|
||||||
|
cat <<EOF
|
||||||
|
multigraph wireguard_peertraffic_$iface
|
||||||
|
graph_title $iface peer traffic
|
||||||
|
graph_args --base 1000
|
||||||
|
graph_vlabel bits in (-) / out (+) per ${graph_period}
|
||||||
|
graph_category wireguard
|
||||||
|
graph_info This graph shows the traffic per peer on the $iface wireguard interface. Traffic is shown in bits per second.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
|
||||||
|
for line in $(wg_peers "$iface"); do
|
||||||
|
read -r -a peer <<< "$(echo "$line" | tr ';' ' ')"
|
||||||
|
peer_id=$(safe_peer_id "${peer[2]}")
|
||||||
|
|
||||||
|
# List config for up/down values for each peer
|
||||||
|
cat <<EOF
|
||||||
|
down_${peer_id}.label received
|
||||||
|
down_${peer_id}.type DERIVE
|
||||||
|
down_${peer_id}.graph no
|
||||||
|
down_${peer_id}.cdef down_${peer_id},8,*
|
||||||
|
down_${peer_id}.min 0
|
||||||
|
up_${peer_id}.label ${peer[2]}
|
||||||
|
up_${peer_id}.type DERIVE
|
||||||
|
up_${peer_id}.negative down_${peer_id}
|
||||||
|
up_${peer_id}.cdef up_${peer_id},8,*
|
||||||
|
up_${peer_id}.min 0
|
||||||
|
|
||||||
|
EOF
|
||||||
|
done
|
||||||
|
done
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
# Collect & print current monitoring values
|
||||||
|
echo "multigraph wireguard_peercount"
|
||||||
|
for iface in $(wg_interfaces); do
|
||||||
|
echo "pc_on_$iface.value $(wg show "$iface" peers | wc -l)"
|
||||||
|
done
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
for iface in $(wg_interfaces); do
|
||||||
|
echo "multigraph wireguard_peertraffic_$iface"
|
||||||
|
|
||||||
|
for line in $(wg_peers "$iface"); do
|
||||||
|
read -r -a peer <<< "$(echo "$line" | tr ';' ' ')"
|
||||||
|
|
||||||
|
peer_id=$(safe_peer_id "${peer[2]}")
|
||||||
|
|
||||||
|
echo "down_${peer_id}.value ${peer[5]}"
|
||||||
|
echo "up_${peer_id}.value ${peer[6]}"
|
||||||
|
done
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
done
|
||||||
|
;;
|
||||||
|
esac
|
Loading…
Reference in New Issue