f5006d51e8
* make remark access all directories * detailed fix after autofix by remark lint * cross check autofix for this set of files * crosscheck more files * crosschecking and small fixes * crosscheck autofixed md files |
||
|---|---|---|
| .. | ||
| libreswan.chart.sh | ||
| libreswan.conf | ||
| Makefile.inc | ||
| README.md | ||
libreswan
The plugin will collects bytes-in, bytes-out and uptime for all established libreswan IPSEC tunnels.
The following charts are created, per tunnel:
- Uptime
- the uptime of the tunnel
- Traffic
- bytes in
- bytes out
configuration
Its config file is /etc/netdata/charts.d/libreswan.conf.
The plugin executes 2 commands to collect all the information it needs:
ipsec whack --status
ipsec whack --trafficstatus
The first command is used to extract the currently established tunnels, their IDs and their names. The second command is used to extract the current uptime and traffic.
Most probably user netdata will not be able to query libreswan, so the ipsec commands will be denied.
The plugin attempts to run ipsec as sudo ipsec ..., to get access to libreswan statistics.
To allow user netdata execute sudo ipsec ..., create the file /etc/sudoers.d/netdata with this content:
netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --status
netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --trafficstatus
Make sure the path /sbin/ipsec matches your setup (execute which ipsec to find the right path).