#!/usr/bin/env bash # # OpenVPN Prometheus Metrics Exporter # # Prometheus textfile collector exporter for OpenVPN. # Parses the OpenVPN status log (v2 or v3 format) to collect connected # client count, per-client bytes transferred, connection timestamps, # and server queue statistics. # # Usage: # OPENVPN_STATUS_FILE="/var/log/openvpn/openvpn-status.log" ./openvpn-exporter.sh # OPENVPN_STATUS_FILE="/var/log/openvpn/openvpn-status.log" ./openvpn-exporter.sh --textfile # OPENVPN_STATUS_FILE="/var/log/openvpn/openvpn-status.log" ./openvpn-exporter.sh --install # # Parameters: # --textfile Write to textfile collector directory # --install Create cron job for automatic collection # --help Show usage # # Environment: # OPENVPN_STATUS_FILE Path to OpenVPN status log (default: /var/log/openvpn/openvpn-status.log) # OPENVPN_MGMT_HOST Management interface host (optional, for future use) # OPENVPN_MGMT_PORT Management interface port (optional, for future use) # TEXTFILE_DIR Textfile collector directory (default: /var/lib/node_exporter/textfile_collector) # # Author: Phil Connor # Contact: contact@mylinux.work # Website: https://mylinux.work # License: MIT # Version: 1.0 # # Metrics Exported: # Core: # - openvpn_up # - openvpn_exporter_info{version} # # Clients: # - openvpn_connected_clients # - openvpn_client_bytes_received{common_name} # - openvpn_client_bytes_sent{common_name} # - openvpn_client_connected_since_timestamp{common_name} # # Server: # - openvpn_server_max_bcast_mcast_queue_length # - openvpn_status_file_age_seconds # # Exporter: # - openvpn_exporter_duration_seconds # - openvpn_exporter_last_run_timestamp set -euo pipefail # --- Configuration --- readonly VERSION="1.0" readonly SCRIPT_NAME="$(basename "$0")" OPENVPN_STATUS_FILE="${OPENVPN_STATUS_FILE:-/var/log/openvpn/openvpn-status.log}" OPENVPN_MGMT_HOST="${OPENVPN_MGMT_HOST:-}" OPENVPN_MGMT_PORT="${OPENVPN_MGMT_PORT:-}" TEXTFILE_DIR="${TEXTFILE_DIR:-/var/lib/node_exporter/textfile_collector}" TEXTFILE_MODE=false OUTPUT="" START_TIME="" # --- Functions --- usage() { cat </dev/null; then missing+=("$cmd") fi done if [[ ${#missing[@]} -gt 0 ]]; then echo "ERROR: Missing required commands: ${missing[*]}" >&2 exit 1 fi } validate_config() { if [[ ! -f "$OPENVPN_STATUS_FILE" ]]; then echo "WARNING: Status file not found: $OPENVPN_STATUS_FILE" >&2 return 1 fi if [[ ! -r "$OPENVPN_STATUS_FILE" ]]; then echo "ERROR: Cannot read status file: $OPENVPN_STATUS_FILE" >&2 exit 1 fi return 0 } add_metric() { local name="$1" local type="$2" local help="$3" local value="$4" local labels="${5:-}" if [[ -n "$labels" ]]; then OUTPUT+="# HELP ${name} ${help} # TYPE ${name} ${type} ${name}{${labels}} ${value} " else OUTPUT+="# HELP ${name} ${help} # TYPE ${name} ${type} ${name} ${value} " fi } add_metric_value() { local name="$1" local value="$2" local labels="${3:-}" if [[ -n "$labels" ]]; then OUTPUT+="${name}{${labels}} ${value} " else OUTPUT+="${name} ${value} " fi } parse_datetime() { local datetime="$1" # Handle common OpenVPN date formats # Format: "Thu Jun 12 10:30:45 2025" or "2025-06-12 10:30:45" if date -d "$datetime" +%s 2>/dev/null; then return fi echo "0" } detect_status_format() { # Detect v2 (tab-separated with headers) vs v3 (comma-separated with TITLE lines) local first_line first_line=$(head -1 "$OPENVPN_STATUS_FILE") if [[ "$first_line" == *"TITLE"* ]]; then echo "v3" else echo "v2" fi } collect_status_v2() { local section="" local client_count=0 local max_queue=0 while IFS= read -r line || [[ -n "$line" ]]; do # Skip empty lines [[ -z "$line" ]] && continue # Detect section headers if [[ "$line" == "OpenVPN CLIENT LIST" ]]; then section="clients" continue elif [[ "$line" == "ROUTING TABLE" ]]; then section="routing" continue elif [[ "$line" == "GLOBAL STATS" ]]; then section="global" continue elif [[ "$line" == "END" ]]; then section="" continue fi # Skip header lines if [[ "$line" == "Common Name,"* ]] || [[ "$line" == "Virtual Address,"* ]] || [[ "$line" == "Updated,"* ]]; then continue fi case "$section" in clients) # Format: Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since local cn real_addr bytes_recv bytes_sent connected_since IFS=',' read -r cn real_addr bytes_recv bytes_sent connected_since <<< "$line" # Skip if this looks like a header or invalid [[ -z "$cn" || "$cn" == "Common Name" ]] && continue client_count=$((client_count + 1)) # Per-client bytes received if [[ $client_count -eq 1 ]]; then add_metric "openvpn_client_bytes_received" "gauge" "Bytes received from client" "$bytes_recv" "common_name=\"${cn}\"" else add_metric_value "openvpn_client_bytes_received" "$bytes_recv" "common_name=\"${cn}\"" fi # Per-client bytes sent if [[ $client_count -eq 1 ]]; then add_metric "openvpn_client_bytes_sent" "gauge" "Bytes sent to client" "$bytes_sent" "common_name=\"${cn}\"" else add_metric_value "openvpn_client_bytes_sent" "$bytes_sent" "common_name=\"${cn}\"" fi # Per-client connected since timestamp local since_ts since_ts=$(parse_datetime "$connected_since") if [[ $client_count -eq 1 ]]; then add_metric "openvpn_client_connected_since_timestamp" "gauge" "Unix timestamp when client connected" "$since_ts" "common_name=\"${cn}\"" else add_metric_value "openvpn_client_connected_since_timestamp" "$since_ts" "common_name=\"${cn}\"" fi ;; global) # Format: "Max bcast/mcast queue length,42" if [[ "$line" == "Max bcast/mcast queue length,"* ]]; then max_queue="${line##*,}" fi ;; esac done < "$OPENVPN_STATUS_FILE" add_metric "openvpn_connected_clients" "gauge" "Number of currently connected clients" "$client_count" if [[ "$max_queue" -gt 0 ]] 2>/dev/null; then add_metric "openvpn_server_max_bcast_mcast_queue_length" "gauge" "Maximum broadcast/multicast queue length" "$max_queue" else add_metric "openvpn_server_max_bcast_mcast_queue_length" "gauge" "Maximum broadcast/multicast queue length" "0" fi } collect_status_v3() { local section="" local client_count=0 local max_queue=0 local header_fields=() while IFS= read -r line || [[ -n "$line" ]]; do [[ -z "$line" ]] && continue # v3 format uses TITLE, TIME, HEADER, CLIENT_LIST, ROUTING_TABLE, GLOBAL_STATS, END local line_type line_type=$(echo "$line" | cut -d$'\t' -f1) case "$line_type" in TITLE|TIME) continue ;; HEADER) local header_section header_section=$(echo "$line" | cut -d$'\t' -f2) section="$header_section" continue ;; CLIENT_LIST) # Tab-separated: CLIENT_LIST, Common Name, Real Address, Virtual Address, # Virtual IPv6 Address, Bytes Received, Bytes Sent, # Connected Since, Connected Since (time_t), Username, ... local cn bytes_recv bytes_sent connected_since_t cn=$(echo "$line" | cut -d$'\t' -f2) bytes_recv=$(echo "$line" | cut -d$'\t' -f6) bytes_sent=$(echo "$line" | cut -d$'\t' -f7) connected_since_t=$(echo "$line" | cut -d$'\t' -f9) [[ -z "$cn" || "$cn" == "UNDEF" ]] && continue client_count=$((client_count + 1)) if [[ $client_count -eq 1 ]]; then add_metric "openvpn_client_bytes_received" "gauge" "Bytes received from client" "$bytes_recv" "common_name=\"${cn}\"" else add_metric_value "openvpn_client_bytes_received" "$bytes_recv" "common_name=\"${cn}\"" fi if [[ $client_count -eq 1 ]]; then add_metric "openvpn_client_bytes_sent" "gauge" "Bytes sent to client" "$bytes_sent" "common_name=\"${cn}\"" else add_metric_value "openvpn_client_bytes_sent" "$bytes_sent" "common_name=\"${cn}\"" fi # Use time_t directly if available, otherwise parse the date string local since_ts="${connected_since_t:-0}" if [[ -z "$since_ts" || "$since_ts" == "0" ]]; then local connected_since connected_since=$(echo "$line" | cut -d$'\t' -f8) since_ts=$(parse_datetime "$connected_since") fi if [[ $client_count -eq 1 ]]; then add_metric "openvpn_client_connected_since_timestamp" "gauge" "Unix timestamp when client connected" "$since_ts" "common_name=\"${cn}\"" else add_metric_value "openvpn_client_connected_since_timestamp" "$since_ts" "common_name=\"${cn}\"" fi ;; GLOBAL_STATS) # Tab-separated: GLOBAL_STATS, stat name, value local stat_name stat_value stat_name=$(echo "$line" | cut -d$'\t' -f2) stat_value=$(echo "$line" | cut -d$'\t' -f3) if [[ "$stat_name" == "Max bcast/mcast queue length" ]]; then max_queue="$stat_value" fi ;; END) break ;; esac done < "$OPENVPN_STATUS_FILE" add_metric "openvpn_connected_clients" "gauge" "Number of currently connected clients" "$client_count" if [[ "$max_queue" -gt 0 ]] 2>/dev/null; then add_metric "openvpn_server_max_bcast_mcast_queue_length" "gauge" "Maximum broadcast/multicast queue length" "$max_queue" else add_metric "openvpn_server_max_bcast_mcast_queue_length" "gauge" "Maximum broadcast/multicast queue length" "0" fi } collect_status_file_age() { if [[ -f "$OPENVPN_STATUS_FILE" ]]; then local file_mtime now age file_mtime=$(stat -c %Y "$OPENVPN_STATUS_FILE" 2>/dev/null || stat -f %m "$OPENVPN_STATUS_FILE" 2>/dev/null || echo "0") now=$(date +%s) age=$((now - file_mtime)) add_metric "openvpn_status_file_age_seconds" "gauge" "Age of the status file in seconds" "$age" else add_metric "openvpn_status_file_age_seconds" "gauge" "Age of the status file in seconds" "-1" fi } write_output() { if [[ "$TEXTFILE_MODE" == true ]]; then local output_file="${TEXTFILE_DIR}/openvpn.prom" local temp_file="${output_file}.$$" mkdir -p "$TEXTFILE_DIR" echo "$OUTPUT" > "$temp_file" mv "$temp_file" "$output_file" else echo "$OUTPUT" fi } install_cron() { if [[ $EUID -ne 0 ]]; then echo "ERROR: --install requires root" >&2 exit 1 fi local script_path script_path=$(readlink -f "$0") cat > /etc/cron.d/openvpn-exporter </dev/null EOF chmod 644 /etc/cron.d/openvpn-exporter echo "Installed cron job: /etc/cron.d/openvpn-exporter" echo "Metrics will be written to: ${TEXTFILE_DIR}/openvpn.prom" } # --- Main --- main() { # Parse arguments for arg in "$@"; do case "$arg" in --textfile) TEXTFILE_MODE=true ;; --install) check_dependencies install_cron exit 0 ;; --help|-h) usage ;; *) echo "Unknown option: $arg" >&2; usage ;; esac done check_dependencies START_TIME=$(date +%s%N) # Exporter info add_metric "openvpn_exporter_info" "gauge" "Exporter version information" "1" "version=\"${VERSION}\"" # Check if status file is accessible if validate_config; then add_metric "openvpn_up" "gauge" "OpenVPN status file reachability (1=readable, 0=not found)" "1" # Detect format and collect local format format=$(detect_status_format) if [[ "$format" == "v3" ]]; then collect_status_v3 else collect_status_v2 fi collect_status_file_age else add_metric "openvpn_up" "gauge" "OpenVPN status file reachability (1=readable, 0=not found)" "0" add_metric "openvpn_connected_clients" "gauge" "Number of currently connected clients" "0" add_metric "openvpn_server_max_bcast_mcast_queue_length" "gauge" "Maximum broadcast/multicast queue length" "0" add_metric "openvpn_status_file_age_seconds" "gauge" "Age of the status file in seconds" "-1" fi # Exporter performance local end_time duration end_time=$(date +%s%N) duration=$(echo "scale=2; ($end_time - $START_TIME) / 1000000000" | bc 2>/dev/null || echo "0") add_metric "openvpn_exporter_duration_seconds" "gauge" "Time to generate all metrics" "$duration" add_metric "openvpn_exporter_last_run_timestamp" "gauge" "Unix timestamp of last successful run" "$(date +%s)" write_output } main "$@"