chiefgeek
a1a17e81a1
Includes updated JS challenge scripts with Claude-User whitelist, same-site referer bypass, Blackbox-Exporter allowed bot, and all new exporters, cheat sheets, and automation scripts.
444 lines
15 KiB
Bash
444 lines
15 KiB
Bash
#!/usr/bin/env bash
|
|
#
|
|
# OpenVPN Prometheus Metrics Exporter
|
|
#
|
|
# Prometheus textfile collector exporter for OpenVPN.
|
|
# Parses the OpenVPN status log (v2 or v3 format) to collect connected
|
|
# client count, per-client bytes transferred, connection timestamps,
|
|
# and server queue statistics.
|
|
#
|
|
# Usage:
|
|
# OPENVPN_STATUS_FILE="/var/log/openvpn/openvpn-status.log" ./openvpn-exporter.sh
|
|
# OPENVPN_STATUS_FILE="/var/log/openvpn/openvpn-status.log" ./openvpn-exporter.sh --textfile
|
|
# OPENVPN_STATUS_FILE="/var/log/openvpn/openvpn-status.log" ./openvpn-exporter.sh --install
|
|
#
|
|
# Parameters:
|
|
# --textfile Write to textfile collector directory
|
|
# --install Create cron job for automatic collection
|
|
# --help Show usage
|
|
#
|
|
# Environment:
|
|
# OPENVPN_STATUS_FILE Path to OpenVPN status log (default: /var/log/openvpn/openvpn-status.log)
|
|
# OPENVPN_MGMT_HOST Management interface host (optional, for future use)
|
|
# OPENVPN_MGMT_PORT Management interface port (optional, for future use)
|
|
# TEXTFILE_DIR Textfile collector directory (default: /var/lib/node_exporter/textfile_collector)
|
|
#
|
|
# Author: Phil Connor
|
|
# Contact: contact@mylinux.work
|
|
# Website: https://mylinux.work
|
|
# License: MIT
|
|
# Version: 1.0
|
|
#
|
|
# Metrics Exported:
|
|
# Core:
|
|
# - openvpn_up
|
|
# - openvpn_exporter_info{version}
|
|
#
|
|
# Clients:
|
|
# - openvpn_connected_clients
|
|
# - openvpn_client_bytes_received{common_name}
|
|
# - openvpn_client_bytes_sent{common_name}
|
|
# - openvpn_client_connected_since_timestamp{common_name}
|
|
#
|
|
# Server:
|
|
# - openvpn_server_max_bcast_mcast_queue_length
|
|
# - openvpn_status_file_age_seconds
|
|
#
|
|
# Exporter:
|
|
# - openvpn_exporter_duration_seconds
|
|
# - openvpn_exporter_last_run_timestamp
|
|
|
|
set -euo pipefail
|
|
|
|
# --- Configuration ---
|
|
readonly VERSION="1.0"
|
|
readonly SCRIPT_NAME="$(basename "$0")"
|
|
OPENVPN_STATUS_FILE="${OPENVPN_STATUS_FILE:-/var/log/openvpn/openvpn-status.log}"
|
|
OPENVPN_MGMT_HOST="${OPENVPN_MGMT_HOST:-}"
|
|
OPENVPN_MGMT_PORT="${OPENVPN_MGMT_PORT:-}"
|
|
TEXTFILE_DIR="${TEXTFILE_DIR:-/var/lib/node_exporter/textfile_collector}"
|
|
TEXTFILE_MODE=false
|
|
OUTPUT=""
|
|
START_TIME=""
|
|
|
|
# --- Functions ---
|
|
|
|
usage() {
|
|
cat <<EOF
|
|
Usage: $SCRIPT_NAME [OPTIONS]
|
|
|
|
OpenVPN Prometheus Metrics Exporter
|
|
|
|
Options:
|
|
--textfile Write metrics to textfile collector directory
|
|
--install Create cron job for automatic collection
|
|
--help Show this help message
|
|
|
|
Environment Variables:
|
|
OPENVPN_STATUS_FILE Path to OpenVPN status log (default: /var/log/openvpn/openvpn-status.log)
|
|
OPENVPN_MGMT_HOST Management interface host (optional)
|
|
OPENVPN_MGMT_PORT Management interface port (optional)
|
|
TEXTFILE_DIR Output directory (default: /var/lib/node_exporter/textfile_collector)
|
|
|
|
Examples:
|
|
OPENVPN_STATUS_FILE="/var/log/openvpn/openvpn-status.log" $SCRIPT_NAME
|
|
OPENVPN_STATUS_FILE="/var/log/openvpn/openvpn-status.log" $SCRIPT_NAME --textfile
|
|
OPENVPN_STATUS_FILE="/var/log/openvpn/openvpn-status.log" $SCRIPT_NAME --install
|
|
EOF
|
|
exit 0
|
|
}
|
|
|
|
check_dependencies() {
|
|
local missing=()
|
|
for cmd in awk date; do
|
|
if ! command -v "$cmd" &>/dev/null; then
|
|
missing+=("$cmd")
|
|
fi
|
|
done
|
|
if [[ ${#missing[@]} -gt 0 ]]; then
|
|
echo "ERROR: Missing required commands: ${missing[*]}" >&2
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
validate_config() {
|
|
if [[ ! -f "$OPENVPN_STATUS_FILE" ]]; then
|
|
echo "WARNING: Status file not found: $OPENVPN_STATUS_FILE" >&2
|
|
return 1
|
|
fi
|
|
if [[ ! -r "$OPENVPN_STATUS_FILE" ]]; then
|
|
echo "ERROR: Cannot read status file: $OPENVPN_STATUS_FILE" >&2
|
|
exit 1
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
add_metric() {
|
|
local name="$1"
|
|
local type="$2"
|
|
local help="$3"
|
|
local value="$4"
|
|
local labels="${5:-}"
|
|
|
|
if [[ -n "$labels" ]]; then
|
|
OUTPUT+="# HELP ${name} ${help}
|
|
# TYPE ${name} ${type}
|
|
${name}{${labels}} ${value}
|
|
"
|
|
else
|
|
OUTPUT+="# HELP ${name} ${help}
|
|
# TYPE ${name} ${type}
|
|
${name} ${value}
|
|
"
|
|
fi
|
|
}
|
|
|
|
add_metric_value() {
|
|
local name="$1"
|
|
local value="$2"
|
|
local labels="${3:-}"
|
|
|
|
if [[ -n "$labels" ]]; then
|
|
OUTPUT+="${name}{${labels}} ${value}
|
|
"
|
|
else
|
|
OUTPUT+="${name} ${value}
|
|
"
|
|
fi
|
|
}
|
|
|
|
parse_datetime() {
|
|
local datetime="$1"
|
|
# Handle common OpenVPN date formats
|
|
# Format: "Thu Jun 12 10:30:45 2025" or "2025-06-12 10:30:45"
|
|
if date -d "$datetime" +%s 2>/dev/null; then
|
|
return
|
|
fi
|
|
echo "0"
|
|
}
|
|
|
|
detect_status_format() {
|
|
# Detect v2 (tab-separated with headers) vs v3 (comma-separated with TITLE lines)
|
|
local first_line
|
|
first_line=$(head -1 "$OPENVPN_STATUS_FILE")
|
|
|
|
if [[ "$first_line" == *"TITLE"* ]]; then
|
|
echo "v3"
|
|
else
|
|
echo "v2"
|
|
fi
|
|
}
|
|
|
|
collect_status_v2() {
|
|
local section=""
|
|
local client_count=0
|
|
local max_queue=0
|
|
|
|
while IFS= read -r line || [[ -n "$line" ]]; do
|
|
# Skip empty lines
|
|
[[ -z "$line" ]] && continue
|
|
|
|
# Detect section headers
|
|
if [[ "$line" == "OpenVPN CLIENT LIST" ]]; then
|
|
section="clients"
|
|
continue
|
|
elif [[ "$line" == "ROUTING TABLE" ]]; then
|
|
section="routing"
|
|
continue
|
|
elif [[ "$line" == "GLOBAL STATS" ]]; then
|
|
section="global"
|
|
continue
|
|
elif [[ "$line" == "END" ]]; then
|
|
section=""
|
|
continue
|
|
fi
|
|
|
|
# Skip header lines
|
|
if [[ "$line" == "Common Name,"* ]] || [[ "$line" == "Virtual Address,"* ]] || [[ "$line" == "Updated,"* ]]; then
|
|
continue
|
|
fi
|
|
|
|
case "$section" in
|
|
clients)
|
|
# Format: Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
|
|
local cn real_addr bytes_recv bytes_sent connected_since
|
|
IFS=',' read -r cn real_addr bytes_recv bytes_sent connected_since <<< "$line"
|
|
|
|
# Skip if this looks like a header or invalid
|
|
[[ -z "$cn" || "$cn" == "Common Name" ]] && continue
|
|
|
|
client_count=$((client_count + 1))
|
|
|
|
# Per-client bytes received
|
|
if [[ $client_count -eq 1 ]]; then
|
|
add_metric "openvpn_client_bytes_received" "gauge" "Bytes received from client" "$bytes_recv" "common_name=\"${cn}\""
|
|
else
|
|
add_metric_value "openvpn_client_bytes_received" "$bytes_recv" "common_name=\"${cn}\""
|
|
fi
|
|
|
|
# Per-client bytes sent
|
|
if [[ $client_count -eq 1 ]]; then
|
|
add_metric "openvpn_client_bytes_sent" "gauge" "Bytes sent to client" "$bytes_sent" "common_name=\"${cn}\""
|
|
else
|
|
add_metric_value "openvpn_client_bytes_sent" "$bytes_sent" "common_name=\"${cn}\""
|
|
fi
|
|
|
|
# Per-client connected since timestamp
|
|
local since_ts
|
|
since_ts=$(parse_datetime "$connected_since")
|
|
if [[ $client_count -eq 1 ]]; then
|
|
add_metric "openvpn_client_connected_since_timestamp" "gauge" "Unix timestamp when client connected" "$since_ts" "common_name=\"${cn}\""
|
|
else
|
|
add_metric_value "openvpn_client_connected_since_timestamp" "$since_ts" "common_name=\"${cn}\""
|
|
fi
|
|
;;
|
|
global)
|
|
# Format: "Max bcast/mcast queue length,42"
|
|
if [[ "$line" == "Max bcast/mcast queue length,"* ]]; then
|
|
max_queue="${line##*,}"
|
|
fi
|
|
;;
|
|
esac
|
|
done < "$OPENVPN_STATUS_FILE"
|
|
|
|
add_metric "openvpn_connected_clients" "gauge" "Number of currently connected clients" "$client_count"
|
|
|
|
if [[ "$max_queue" -gt 0 ]] 2>/dev/null; then
|
|
add_metric "openvpn_server_max_bcast_mcast_queue_length" "gauge" "Maximum broadcast/multicast queue length" "$max_queue"
|
|
else
|
|
add_metric "openvpn_server_max_bcast_mcast_queue_length" "gauge" "Maximum broadcast/multicast queue length" "0"
|
|
fi
|
|
}
|
|
|
|
collect_status_v3() {
|
|
local section=""
|
|
local client_count=0
|
|
local max_queue=0
|
|
local header_fields=()
|
|
|
|
while IFS= read -r line || [[ -n "$line" ]]; do
|
|
[[ -z "$line" ]] && continue
|
|
|
|
# v3 format uses TITLE, TIME, HEADER, CLIENT_LIST, ROUTING_TABLE, GLOBAL_STATS, END
|
|
local line_type
|
|
line_type=$(echo "$line" | cut -d$'\t' -f1)
|
|
|
|
case "$line_type" in
|
|
TITLE|TIME)
|
|
continue
|
|
;;
|
|
HEADER)
|
|
local header_section
|
|
header_section=$(echo "$line" | cut -d$'\t' -f2)
|
|
section="$header_section"
|
|
continue
|
|
;;
|
|
CLIENT_LIST)
|
|
# Tab-separated: CLIENT_LIST, Common Name, Real Address, Virtual Address,
|
|
# Virtual IPv6 Address, Bytes Received, Bytes Sent,
|
|
# Connected Since, Connected Since (time_t), Username, ...
|
|
local cn bytes_recv bytes_sent connected_since_t
|
|
cn=$(echo "$line" | cut -d$'\t' -f2)
|
|
bytes_recv=$(echo "$line" | cut -d$'\t' -f6)
|
|
bytes_sent=$(echo "$line" | cut -d$'\t' -f7)
|
|
connected_since_t=$(echo "$line" | cut -d$'\t' -f9)
|
|
|
|
[[ -z "$cn" || "$cn" == "UNDEF" ]] && continue
|
|
|
|
client_count=$((client_count + 1))
|
|
|
|
if [[ $client_count -eq 1 ]]; then
|
|
add_metric "openvpn_client_bytes_received" "gauge" "Bytes received from client" "$bytes_recv" "common_name=\"${cn}\""
|
|
else
|
|
add_metric_value "openvpn_client_bytes_received" "$bytes_recv" "common_name=\"${cn}\""
|
|
fi
|
|
|
|
if [[ $client_count -eq 1 ]]; then
|
|
add_metric "openvpn_client_bytes_sent" "gauge" "Bytes sent to client" "$bytes_sent" "common_name=\"${cn}\""
|
|
else
|
|
add_metric_value "openvpn_client_bytes_sent" "$bytes_sent" "common_name=\"${cn}\""
|
|
fi
|
|
|
|
# Use time_t directly if available, otherwise parse the date string
|
|
local since_ts="${connected_since_t:-0}"
|
|
if [[ -z "$since_ts" || "$since_ts" == "0" ]]; then
|
|
local connected_since
|
|
connected_since=$(echo "$line" | cut -d$'\t' -f8)
|
|
since_ts=$(parse_datetime "$connected_since")
|
|
fi
|
|
|
|
if [[ $client_count -eq 1 ]]; then
|
|
add_metric "openvpn_client_connected_since_timestamp" "gauge" "Unix timestamp when client connected" "$since_ts" "common_name=\"${cn}\""
|
|
else
|
|
add_metric_value "openvpn_client_connected_since_timestamp" "$since_ts" "common_name=\"${cn}\""
|
|
fi
|
|
;;
|
|
GLOBAL_STATS)
|
|
# Tab-separated: GLOBAL_STATS, stat name, value
|
|
local stat_name stat_value
|
|
stat_name=$(echo "$line" | cut -d$'\t' -f2)
|
|
stat_value=$(echo "$line" | cut -d$'\t' -f3)
|
|
|
|
if [[ "$stat_name" == "Max bcast/mcast queue length" ]]; then
|
|
max_queue="$stat_value"
|
|
fi
|
|
;;
|
|
END)
|
|
break
|
|
;;
|
|
esac
|
|
done < "$OPENVPN_STATUS_FILE"
|
|
|
|
add_metric "openvpn_connected_clients" "gauge" "Number of currently connected clients" "$client_count"
|
|
|
|
if [[ "$max_queue" -gt 0 ]] 2>/dev/null; then
|
|
add_metric "openvpn_server_max_bcast_mcast_queue_length" "gauge" "Maximum broadcast/multicast queue length" "$max_queue"
|
|
else
|
|
add_metric "openvpn_server_max_bcast_mcast_queue_length" "gauge" "Maximum broadcast/multicast queue length" "0"
|
|
fi
|
|
}
|
|
|
|
collect_status_file_age() {
|
|
if [[ -f "$OPENVPN_STATUS_FILE" ]]; then
|
|
local file_mtime now age
|
|
file_mtime=$(stat -c %Y "$OPENVPN_STATUS_FILE" 2>/dev/null || stat -f %m "$OPENVPN_STATUS_FILE" 2>/dev/null || echo "0")
|
|
now=$(date +%s)
|
|
age=$((now - file_mtime))
|
|
add_metric "openvpn_status_file_age_seconds" "gauge" "Age of the status file in seconds" "$age"
|
|
else
|
|
add_metric "openvpn_status_file_age_seconds" "gauge" "Age of the status file in seconds" "-1"
|
|
fi
|
|
}
|
|
|
|
write_output() {
|
|
if [[ "$TEXTFILE_MODE" == true ]]; then
|
|
local output_file="${TEXTFILE_DIR}/openvpn.prom"
|
|
local temp_file="${output_file}.$$"
|
|
|
|
mkdir -p "$TEXTFILE_DIR"
|
|
echo "$OUTPUT" > "$temp_file"
|
|
mv "$temp_file" "$output_file"
|
|
else
|
|
echo "$OUTPUT"
|
|
fi
|
|
}
|
|
|
|
install_cron() {
|
|
if [[ $EUID -ne 0 ]]; then
|
|
echo "ERROR: --install requires root" >&2
|
|
exit 1
|
|
fi
|
|
|
|
local script_path
|
|
script_path=$(readlink -f "$0")
|
|
|
|
cat > /etc/cron.d/openvpn-exporter <<EOF
|
|
# OpenVPN Prometheus Exporter — runs every minute
|
|
OPENVPN_STATUS_FILE=${OPENVPN_STATUS_FILE}
|
|
TEXTFILE_DIR=${TEXTFILE_DIR}
|
|
* * * * * root ${script_path} --textfile 2>/dev/null
|
|
EOF
|
|
|
|
chmod 644 /etc/cron.d/openvpn-exporter
|
|
echo "Installed cron job: /etc/cron.d/openvpn-exporter"
|
|
echo "Metrics will be written to: ${TEXTFILE_DIR}/openvpn.prom"
|
|
}
|
|
|
|
# --- Main ---
|
|
|
|
main() {
|
|
# Parse arguments
|
|
for arg in "$@"; do
|
|
case "$arg" in
|
|
--textfile) TEXTFILE_MODE=true ;;
|
|
--install)
|
|
check_dependencies
|
|
install_cron
|
|
exit 0
|
|
;;
|
|
--help|-h) usage ;;
|
|
*) echo "Unknown option: $arg" >&2; usage ;;
|
|
esac
|
|
done
|
|
|
|
check_dependencies
|
|
|
|
START_TIME=$(date +%s%N)
|
|
|
|
# Exporter info
|
|
add_metric "openvpn_exporter_info" "gauge" "Exporter version information" "1" "version=\"${VERSION}\""
|
|
|
|
# Check if status file is accessible
|
|
if validate_config; then
|
|
add_metric "openvpn_up" "gauge" "OpenVPN status file reachability (1=readable, 0=not found)" "1"
|
|
|
|
# Detect format and collect
|
|
local format
|
|
format=$(detect_status_format)
|
|
|
|
if [[ "$format" == "v3" ]]; then
|
|
collect_status_v3
|
|
else
|
|
collect_status_v2
|
|
fi
|
|
|
|
collect_status_file_age
|
|
else
|
|
add_metric "openvpn_up" "gauge" "OpenVPN status file reachability (1=readable, 0=not found)" "0"
|
|
add_metric "openvpn_connected_clients" "gauge" "Number of currently connected clients" "0"
|
|
add_metric "openvpn_server_max_bcast_mcast_queue_length" "gauge" "Maximum broadcast/multicast queue length" "0"
|
|
add_metric "openvpn_status_file_age_seconds" "gauge" "Age of the status file in seconds" "-1"
|
|
fi
|
|
|
|
# Exporter performance
|
|
local end_time duration
|
|
end_time=$(date +%s%N)
|
|
duration=$(echo "scale=2; ($end_time - $START_TIME) / 1000000000" | bc 2>/dev/null || echo "0")
|
|
add_metric "openvpn_exporter_duration_seconds" "gauge" "Time to generate all metrics" "$duration"
|
|
add_metric "openvpn_exporter_last_run_timestamp" "gauge" "Unix timestamp of last successful run" "$(date +%s)"
|
|
|
|
write_output
|
|
}
|
|
|
|
main "$@"
|