Libreswan IPSec tunnel monitoring with Netdata
Collects bytes-in, bytes-out and uptime for all established libreswan IPSec tunnels.
The following charts are created, per tunnel:
- Uptime
  - the uptime of the tunnel
- Traffic
  - bytes in
  - bytes out
Configuration
Edit the charts.d/libreswan.conf configuration file using edit-config from the Netdata config directory, which is typically at /etc/netdata.
cd /etc/netdata # Replace this path with your Netdata config directory, if different
sudo ./edit-config charts.d/libreswan.conf
The plugin executes 2 commands to collect all the information it needs:
ipsec whack --status
ipsec whack --trafficstatus
The first command is used to extract the currently established tunnels, their IDs and their names. The second command is used to extract the current uptime and traffic.
Most probably user netdata will not be able to query libreswan, so the ipsec commands will be denied.
The plugin attempts to run ipsec as sudo ipsec ..., to get access to libreswan statistics.
To allow user netdata to execute sudo ipsec ..., create the file /etc/sudoers.d/netdata with this content:
netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --status
netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --trafficstatus
Make sure the path /sbin/ipsec matches your setup (execute which ipsec to find the right path).
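The two rules above pin the full argument list, so netdata can run only those two read-only queries as root; a rule naming /sbin/ipsec without arguments would allow every ipsec subcommand. As an added example (not part of the Netdata documentation or plugin), the script below checks a sudoers file for that property and installs it only after a visudo syntax check. The function names are hypothetical and the sample input is constructed.

```sh
#!/bin/sh
# Added example: least-privilege check for /etc/sudoers.d/netdata.

# Print every rule for user netdata that is not one of the two exact
# read-only queries from this page; return non-zero if any is found.
# Assumes one command per rule line, as in the file shown above.
# $1 = sudoers file to check, $2 = ipsec path (default /sbin/ipsec)
audit_netdata_sudoers() {
    awk -v ipsec="${2:-/sbin/ipsec}" '
        /^[ \t]*(#|$)/  { next }                 # comments and blank lines
        $1 != "netdata" { next }                 # rules for other users
        {
            cmd = $0
            sub(/^.*NOPASSWD:[ \t]*/, "", cmd)   # keep only the command spec
            sub(/[ \t]+$/, "", cmd)
            if (cmd != ipsec " whack --status" &&
                cmd != ipsec " whack --trafficstatus") {
                print "line " NR ": " cmd
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Syntax-check a candidate file with visudo, audit it, then install it
# root-owned and mode 0440. Run as root. $1 = candidate file.
install_netdata_sudoers() {
    visudo -cf "$1" &&
    audit_netdata_sudoers "$1" "$(command -v ipsec)" &&
    install -o root -g root -m 0440 "$1" /etc/sudoers.d/netdata
}

# Constructed sample: the second rule omits the arguments, so it would let
# netdata run every ipsec subcommand as root.
sample=$(mktemp)
cat > "$sample" <<'EOF'
netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --status
netdata ALL = (root) NOPASSWD: /sbin/ipsec
EOF
audit_netdata_sudoers "$sample" || echo "over-broad rule(s) found in sample"
rm -f "$sample"
```

After installing, `sudo -l -U netdata` (run as root) lists the commands sudo will actually permit for that user.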