From 3f3c688181304b4676a7fbb3291270b967f09395 Mon Sep 17 00:00:00 2001 From: Robin Roevens Date: Thu, 17 Jul 2025 19:52:02 +0200 Subject: [PATCH] zabbix_agentd: Add WireGuard specific monitoring items Adds new IPFire specific monitoring capabilities to Zabbix Agent: - ipfire.wireguard.peers.discovery: Discovery of configured WireGuard clients. Returns a JSON array. - ipfire.wireguard.statusreport.get: Parses and returns output of `wireguardctrl dump` as a JSON array. Signed-off-by: Robin Roevens Signed-off-by: Michael Tremer --- config/rootfiles/packages/zabbix_agentd | 1 + config/zabbix_agentd/sudoers | 2 +- config/zabbix_agentd/userparameter_wireguard.conf | 6 ++++++ lfs/zabbix_agentd | 2 ++ 4 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 config/zabbix_agentd/userparameter_wireguard.conf diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index cc75a49bd..52cb37e93 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -22,6 +22,7 @@ var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf +var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf var/ipfire/zabbix_agentd/scripts var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh var/ipfire/zabbix_agentd/scripts/ipfire_services.pl diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index 921e20c89..57273a2c8 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -9,6 +9,6 @@ # Defaults:zabbix !requiretty zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat -zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log +zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log, /usr/local/bin/wireguardctrl dump zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl diff --git a/config/zabbix_agentd/userparameter_wireguard.conf b/config/zabbix_agentd/userparameter_wireguard.conf new file mode 100644 index 000000000..b7925288a --- /dev/null +++ b/config/zabbix_agentd/userparameter_wireguard.conf @@ -0,0 +1,6 @@ +# Parameters for monitoring IPFire WireGuard specific metrics +# +# Discovery of configured WireGuard peers +UserParameter=ipfire.wireguard.peers.discovery,cat /var/ipfire/wireguard/peers 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{\"{#NAME}\":\"%s\",\"{#ID}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK_B64}\":\"%s\",\"{#TYPE}\":\"%s\"}", separator, $4, $5, $2, $11, $3; separator = ","; } END { print "]" }' +# Get Wireguard status report +UserParameter=ipfire.wireguard.statusreport.get,sudo /usr/local/bin/wireguardctrl dump | awk 'BEGIN { ORS = ""; print "[" } NR>1 { printf "%s{\"id\":\"%s\",\"endpoint\":\"%s\",\"allowed_ip\":\"%s\",\"handshake_timestamp\":%s,\"bytes_in\":%s,\"bytes_out\":%s}", separator, $1, $3, $4, $5, $6, $7; separator = ","; } END { print "]" }' diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index ebd184628..6d0a6b4ea 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -114,6 +114,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_gateway.conf \ /var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_wireguard.conf \ + /var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf # Install IPFire-specific Zabbix Agent scripts -mkdir -pv /var/ipfire/zabbix_agentd/scripts -- 2.47.3