Merge pull request #46 from mpraeger/ipsec
Add support for basic ipsec metrics
Showing
5 changed files
with
119 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
package ipsec | ||
|
||
import ( | ||
"fmt" | ||
|
||
"github.com/czerwonk/junos_exporter/collector" | ||
"github.com/czerwonk/junos_exporter/rpc" | ||
"github.com/prometheus/client_golang/prometheus" | ||
) | ||
|
||
const prefix string = "junos_ipsec_security_associations_" | ||
|
||
var ( | ||
blockState *prometheus.Desc | ||
activeTunnels *prometheus.Desc | ||
) | ||
|
||
func init() { | ||
l := []string{"target", "description", "name"} | ||
|
||
blockState = prometheus.NewDesc(prefix+"state", "State of the Security Association", l, nil) | ||
activeTunnels = prometheus.NewDesc(prefix+"active_tunnels", "Total active tunnels", l, nil) | ||
} | ||
|
||
type ipsecCollector struct { | ||
} | ||
|
||
// NewCollector creates a new collector | ||
func NewCollector() collector.RPCCollector { | ||
return &ipsecCollector{} | ||
} | ||
|
||
// Describe describes the metrics | ||
func (*ipsecCollector) Describe(ch chan<- *prometheus.Desc) { | ||
ch <- blockState | ||
ch <- activeTunnels | ||
} | ||
|
||
// Collect collects metrics from JunOS | ||
func (c *ipsecCollector) Collect(client *rpc.Client, ch chan<- prometheus.Metric, labelValues []string) error { | ||
var x = IpsecRpc{} | ||
err := client.RunCommandAndParse("show security ipsec security-associations", &x) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
ls := append(labelValues, "active tunnels", "") | ||
ch <- prometheus.MustNewConstMetric(activeTunnels, prometheus.GaugeValue, float64(x.Information.ActiveTunnels), ls...) | ||
|
||
for _, block := range x.Information.SecurityAssociations { | ||
c.collectForSecurityAssociation(block, ch, labelValues) | ||
} | ||
|
||
return nil | ||
} | ||
|
||
func (c *ipsecCollector) collectForSecurityAssociation(block IpsecSecurityAssociationBlock, ch chan<- prometheus.Metric, labelValues []string) { | ||
// build SA name | ||
var saName string | ||
var saDesc string | ||
for _, sa := range block.SecurityAssociations { | ||
saName = sa.RemoteGateway | ||
saDesc = fmt.Sprintf("security association for remote gateway %s", sa.RemoteGateway) | ||
} | ||
lp := append(labelValues, saDesc, saName) | ||
stateVal := stateToInt(&block.State) | ||
ch <- prometheus.MustNewConstMetric(blockState, prometheus.GaugeValue, float64(stateVal), lp...) | ||
} | ||
|
||
func stateToInt(state *string) int { | ||
retval := 0 | ||
|
||
if *state == "up" { | ||
retval = 1 | ||
} | ||
|
||
return retval | ||
} |
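Review bot: In collectForSecurityAssociation the `name` and `description` labels come from whichever entry of block.SecurityAssociations is iterated last, so a block with no entries gets two empty labels and two blocks that end on the same remote gateway get identical label sets. The Prometheus client rejects duplicate series for one metric at gather time, so depending on how the exporter's handler treats that error (not visible here), a scrape could lose the tunnel-state series exactly when several tunnels to one peer exist. I would return early when the slice is empty and make the name unique per block, for example `saName = fmt.Sprintf("%s/%d", sa.RemoteGateway, sa.TunnelIndex)`. Separately, stateToInt maps every value other than "up" to 0, so an unexpected or missing state is indistinguishable from a down tunnel; a comment such as `// any state other than "up" is reported as 0` would make that explicit for alert authors.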
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
package ipsec | ||
|
||
// IpsecRpc is the root element for xml unmarshalling | ||
type IpsecRpc struct { | ||
Information struct { | ||
ActiveTunnels int `xml:"total-active-tunnels"` | ||
SecurityAssociations []IpsecSecurityAssociationBlock `xml:"ipsec-security-associations-block"` | ||
} `xml:"ipsec-security-associations-information"` | ||
} | ||
|
||
// IpsecSecurityAssociationBlock is used for xml unmarshalling | ||
type IpsecSecurityAssociationBlock struct { | ||
State string `xml:"sa-block-state"` | ||
SecurityAssociations []IpsecSecurityAssociation `xml:"ipsec-security-associations"` | ||
} | ||
|
||
// IpsecSecurityAssociation is used for xml unmarshalling | ||
type IpsecSecurityAssociation struct { | ||
Direction string `xml:"sa-direction"` | ||
TunnelIndex int64 `xml:"sa-tunnel-index"` | ||
Spi string `xml:"sa-spi"` | ||
AuxSpi string `xml:"sa-aux-spi"` | ||
RemoteGateway string `xml:"sa-remote-gateway"` | ||
Port int `xml:"sa-port"` | ||
MonitoringState string `xml:"sa-vpn-monitoring-state"` | ||
Protocol string `xml:"sa-protocol"` | ||
EspEncryptionAlgorithm string `xml:"sa-esp-encryption-algorithm"` | ||
HmacAlgorithm string `xml:"sa-hmac-algorithm"` | ||
HardLifetime string `xml:"sa-hard-lifetime"` | ||
LifesizeRemaining string `xml:"sa-lifesize-remaining"` | ||
VirtualSystem string `xml:"sa-virtual-system"` | ||
} |
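Review bot: The three types in this file are exported, yet in the sections visible here they are only referenced from the collector in the same package, and their names repeat the package name (`ipsec.IpsecRpc`) and break Go's initialism convention (`Rpc`, `Spi`). Unexported names such as `ipsecRPC`, with a field named `SPI`, would keep them out of the package's API. The doc comments could also name the reply they decode, e.g. `// IpsecRpc maps the reply of "show security ipsec security-associations".`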