diff --git a/README.md b/README.md index 974d383..91d8fe9 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,8 @@ Templates, scripts and hints for Zabbix. * [Applications](templates/applications) * [MiniDLNA](templates/applications/minidlna/6.0) + * [VPN](templates/applications/vpn) + * [OpenVPN](templates/applications/vpn/openvpn/6.0) ## Useful links diff --git a/templates/applications/vpn/openvpn/6.0/README.md b/templates/applications/vpn/openvpn/6.0/README.md new file mode 100755 index 0000000..263f945 --- /dev/null +++ b/templates/applications/vpn/openvpn/6.0/README.md @@ -0,0 +1,64 @@ + +# OpenVPN by Zabbix agent + +## Overview + +This template is designed for [OpenVPN](https://openvpn.net/) monitoring by Zabbix agent and requires external script. + +## Requirements + +- Zabbix version: 6.0 and higher. +- [ovpn_status.py](https://git.hmp.today/pavel.muhortov/openvpn-management#ovpn_status-py) + +## Tested versions + +This template has been tested on: + +- OpenVPN Server 2.5.1 + +### Macros used + +There are no macros in this template. + +### Items + +|Name|Description|Type|Key and additional info| +|----|-----------|----|-----------------------| +|OpenVPN stats|-|Zabbix agent|discovery.ovpn| +|OpenVPN stats updated|-|Dependent item|ovpn.stats.updated| +|OpenVPN expiration ca|-|Dependent item|ovpn.expiration.ca| +|OpenVPN expiration cert|-|Dependent item|ovpn.expiration.cert| +|OpenVPN clients limit|-|Dependent item|ovpn.clients.limit| +|OpenVPN clients count|-|Dependent item|ovpn.stats.clients_count| +|OpenVPN clients found|-|Dependent item|ovpn.stats.clients_found| + +### Triggers + +|Name|Description|Expression|Severity|Dependencies and additional info| +|----|-----------|----------|--------|--------------------------------| +|Maximum number of OpenVPN clients reached|-|max(/OpenVPN by Zabbix agent/ovpn.stats.clients_count,#1)>=max(/OpenVPN by Zabbix agent/ovpn.clients.limit,#1)|Average|Manual close: No| +|OpenVPN ca certificate expires in 90 days|-||Warning|Manual close: No| +|OpenVPN ca certificate expires in 30 days|-||Average|Manual close: No| +|OpenVPN ca certificate expires in 7 days|-||High|Manual close: No| +|OpenVPN ca certificate expires in 1 day|-||Disaster|Manual close: No| +|OpenVPN cert certificate expires in 90 days|-|last(/OpenVPN by Zabbix agent/ovpn.expiration.cert,#1)<7776000|Warning|Manual close: No| +|OpenVPN cert certificate expires in 30 days|-|last(/OpenVPN by Zabbix agent/ovpn.expiration.cert,#1)<2592000|Average|Manual close: No| +|OpenVPN cert certificate expires in 7 days|-|last(/OpenVPN by Zabbix agent/ovpn.expiration.cert,#1)<604800|High|Manual close: No| +|OpenVPN cert certificate expires in 1 days|-|last(/OpenVPN by Zabbix agent/ovpn.expiration.cert,#1)<86400|Disaster|Manual close: No| + +### Discovery rules + +|Name|Description|Type|Key and additional info| +|----|-----------|----|-----------------------| +|Discovery openvpn clients|The discovery of clients|Dependent item|get.ovpn.stats| + +### Item prototypes for Clients discovery + +|Name|Description|Type|Key and additional info| +|----|-----------|----|-----------------------| +|OpenVPN client "{#OVPN_CLIENT_NAME}" bytes recieved|-|Dependent item|ovpn.client.b_rx.name[{#OVPN_CLIENT_NAME}]| +|OpenVPN client "{#OVPN_CLIENT_NAME}" bytes transmitted|-|Dependent item|ovpn.client.b_tx.name[{#OVPN_CLIENT_NAME}]| +|OpenVPN client "{#OVPN_CLIENT_NAME}" connect duration|-|Dependent item|ovpn.client.t_cd.name[{#OVPN_CLIENT_NAME}]| +|OpenVPN client "{#OVPN_CLIENT_NAME}" connect time|-|Dependent item|ovpn.client.t_cs.name[{#OVPN_CLIENT_NAME}]| +|OpenVPN client "{#OVPN_CLIENT_NAME}" real ip|-|Dependent item|ovpn.client.r_ip.name[{#OVPN_CLIENT_NAME}]| +|OpenVPN client "{#OVPN_CLIENT_NAME}" virtual ip|-|Dependent item|ovpn.client.v_ip.name[{#OVPN_CLIENT_NAME}]| diff --git a/templates/applications/vpn/openvpn/6.0/openvpn_by_zabbix_agent.yaml b/templates/applications/vpn/openvpn/6.0/openvpn_by_zabbix_agent.yaml new file mode 100755 index 0000000..58d7553 --- /dev/null +++ b/templates/applications/vpn/openvpn/6.0/openvpn_by_zabbix_agent.yaml @@ -0,0 +1,610 @@ +zabbix_export: + version: '6.0' + date: '2023-08-16T11:10:16Z' + groups: + - + uuid: a571c0d144b14fd4a87a9d9b2aa9fcd6 + name: Templates/Applications + templates: + - + uuid: c3272861e3ff46e2b3daa302066c53c7 + template: 'OpenVPN by Zabbix agent' + name: 'OpenVPN by Zabbix agent' + description: 'OpenVPN by Zabbix agent' + groups: + - + name: Templates/Applications + items: + - + uuid: 51151af0bb704668a1bb3b390cee2039 + name: 'OpenVPN stats' + key: discovery.ovpn + history: 14d + trends: '0' + value_type: TEXT + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN stats' + value: raw + - + uuid: 877b2f94cd4645fcaae13543f42d79be + name: 'OpenVPN clients limit' + type: DEPENDENT + key: ovpn.clients.limit + delay: '0' + history: 14d + units: client + preprocessing: + - + type: JSONPATH + parameters: + - $.clients_limit + master_item: + key: discovery.ovpn + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN server' + value: 'clients limit' + - + uuid: 00c5526a838e4f7791b4edafc20bb094 + name: 'OpenVPN expiration ca' + type: DEPENDENT + key: ovpn.expiration.ca + delay: '0' + history: 14d + units: s + preprocessing: + - + type: JSONPATH + parameters: + - $.ca_expiration + master_item: + key: discovery.ovpn + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN server' + value: expiration + triggers: + - + uuid: 34fbc5a346d0458c8e529b92f0aa39c5 + expression: 'last(/OpenVPN by Zabbix agent/ovpn.expiration.ca,#1)<86400' + name: 'OpenVPN ca certificate expires in 1 day' + priority: DISASTER + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN stats' + value: expiration + - + uuid: 016c7d7c40b342c883ff81d0a5817b75 + expression: 'last(/OpenVPN by Zabbix agent/ovpn.expiration.ca,#1)<604800' + name: 'OpenVPN ca certificate expires in 7 days' + priority: HIGH + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN stats' + value: expiration + - + uuid: 2d9f9da08348499ab9b7584a9386abfc + expression: 'last(/OpenVPN by Zabbix agent/ovpn.expiration.ca,#1)<2592000' + name: 'OpenVPN ca certificate expires in 30 days' + priority: AVERAGE + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN stats' + value: expiration + - + uuid: 65912ffeb36a4b2c8bae996c0b865f69 + expression: 'last(/OpenVPN by Zabbix agent/ovpn.expiration.ca,#1)<7776000' + name: 'OpenVPN ca certificate expires in 90 days' + priority: WARNING + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN stats' + value: expiration + - + uuid: 591d03b0553645788c5b178670cb8bc9 + name: 'OpenVPN expiration cert' + type: DEPENDENT + key: ovpn.expiration.cert + delay: '0' + history: 14d + units: s + preprocessing: + - + type: JSONPATH + parameters: + - $.ce_expiration + master_item: + key: discovery.ovpn + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN server' + value: expiration + triggers: + - + uuid: 6a2bc06ed9944e95bfdec45af330bd53 + expression: 'last(/OpenVPN by Zabbix agent/ovpn.expiration.cert,#1)<86400' + name: 'OpenVPN cert certificate expires in 1 day' + priority: DISASTER + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN stats' + value: expiration + - + uuid: da6ae766472541e8addb2712584289c7 + expression: 'last(/OpenVPN by Zabbix agent/ovpn.expiration.cert,#1)<604800' + name: 'OpenVPN cert certificate expires in 7 days' + priority: HIGH + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN stats' + value: expiration + - + uuid: 5571d2aa00a2479889bdd853b37d7160 + expression: 'last(/OpenVPN by Zabbix agent/ovpn.expiration.cert,#1)<2592000' + name: 'OpenVPN cert certificate expires in 30 days' + priority: AVERAGE + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN stats' + value: expiration + - + uuid: 083b3ed043db4d209b093056c04605c3 + expression: 'last(/OpenVPN by Zabbix agent/ovpn.expiration.cert,#1)<7776000' + name: 'OpenVPN cert certificate expires in 90 days' + priority: WARNING + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN stats' + value: expiration + - + uuid: 5ba0b1d455444ec8851c4cdda408ed24 + name: 'OpenVPN clients count' + type: DEPENDENT + key: ovpn.stats.clients_count + delay: '0' + history: 14d + units: clients + preprocessing: + - + type: JSONPATH + parameters: + - $.clients_count + master_item: + key: discovery.ovpn + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN stats' + value: 'clients count' + - + uuid: 731f61d192f944769aaf82c2fb05676b + name: 'OpenVPN clients found' + type: DEPENDENT + key: ovpn.stats.clients_found + delay: '0' + history: 14d + units: clients + preprocessing: + - + type: JSONPATH + parameters: + - $.clients_found + master_item: + key: discovery.ovpn + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN stats' + value: 'clients found' + - + uuid: f38e82ba64f14385bd60a1397eda278c + name: 'OpenVPN stats updated' + type: DEPENDENT + key: ovpn.stats.updated + delay: '0' + history: 14d + trends: '0' + value_type: TEXT + preprocessing: + - + type: JSONPATH + parameters: + - $.stats_updated + master_item: + key: discovery.ovpn + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN stats' + value: updated + discovery_rules: + - + uuid: f6b3ac3373544c1f820c207234177816 + name: 'Discovery openvpn clients' + type: DEPENDENT + key: get.ovpn.stats + delay: '0' + item_prototypes: + - + uuid: fc55509717fc4ee7bef6f684932ee01a + name: 'OpenVPN client "{#OVPN_CLIENT_NAME}" bytes recieved' + type: DEPENDENT + key: 'ovpn.client.b_rx.name[{#OVPN_CLIENT_NAME}]' + delay: '0' + history: 14d + units: B + preprocessing: + - + type: JSONPATH + parameters: + - '$.data.[?(@.name=="{#OVPN_CLIENT_NAME}")].b_rx.first()' + master_item: + key: discovery.ovpn + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN client' + value: '{#OVPN_CLIENT_NAME}' + - + uuid: e75ed01ce6cd45e0822e021f6733b115 + name: 'OpenVPN client "{#OVPN_CLIENT_NAME}" bytes transmitted' + type: DEPENDENT + key: 'ovpn.client.b_tx.name[{#OVPN_CLIENT_NAME}]' + delay: '0' + history: 14d + units: B + preprocessing: + - + type: JSONPATH + parameters: + - '$.data.[?(@.name=="{#OVPN_CLIENT_NAME}")].b_tx.first()' + master_item: + key: discovery.ovpn + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN client' + value: '{#OVPN_CLIENT_NAME}' + - + uuid: 332feedbbd314a479ba27d43c7bb7523 + name: 'OpenVPN client "{#OVPN_CLIENT_NAME}" real ip' + type: DEPENDENT + key: 'ovpn.client.r_ip.name[{#OVPN_CLIENT_NAME}]' + delay: '0' + history: 14d + trends: '0' + value_type: TEXT + preprocessing: + - + type: JSONPATH + parameters: + - '$.data.[?(@.name=="{#OVPN_CLIENT_NAME}")].r_ip.first()' + master_item: + key: discovery.ovpn + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN client' + value: '{#OVPN_CLIENT_NAME}' + - + tag: 'OpenVPN stats' + value: 'real ip' + - + uuid: 0dc7671cdc9b47c6a7c06b47a8de25ca + name: 'OpenVPN client "{#OVPN_CLIENT_NAME}" connect duration' + type: DEPENDENT + key: 'ovpn.client.t_cd.name[{#OVPN_CLIENT_NAME}]' + delay: '0' + history: 14d + units: s + preprocessing: + - + type: JSONPATH + parameters: + - '$.data.[?(@.name=="{#OVPN_CLIENT_NAME}")].t_cd.first()' + master_item: + key: discovery.ovpn + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN client' + value: '{#OVPN_CLIENT_NAME}' + - + uuid: 127fd46950194d9ba5325f183cb6e940 + name: 'OpenVPN client "{#OVPN_CLIENT_NAME}" connect time' + type: DEPENDENT + key: 'ovpn.client.t_cs.name[{#OVPN_CLIENT_NAME}]' + delay: '0' + history: 14d + trends: '0' + value_type: TEXT + preprocessing: + - + type: JSONPATH + parameters: + - '$.data.[?(@.name=="{#OVPN_CLIENT_NAME}")].t_cs.first()' + master_item: + key: discovery.ovpn + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN client' + value: '{#OVPN_CLIENT_NAME}' + - + uuid: 2bb9be1dd4a041b09e68f7e9022676d4 + name: 'OpenVPN client "{#OVPN_CLIENT_NAME}" virtual ip' + type: DEPENDENT + key: 'ovpn.client.v_ip.name[{#OVPN_CLIENT_NAME}]' + delay: '0' + history: 14d + trends: '0' + value_type: TEXT + preprocessing: + - + type: JSONPATH + parameters: + - '$.data.[?(@.name=="{#OVPN_CLIENT_NAME}")].v_ip.first()' + master_item: + key: discovery.ovpn + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN client' + value: '{#OVPN_CLIENT_NAME}' + - + tag: 'OpenVPN stats' + value: 'virtual ip' + graph_prototypes: + - + uuid: 0e740374d0d7435990fba99d19211947 + name: 'OpenVPN client "{#OVPN_CLIENT_NAME}" connect duration' + show_work_period: 'NO' + show_triggers: 'NO' + graph_items: + - + color: FFBF00 + item: + host: 'OpenVPN by Zabbix agent' + key: 'ovpn.client.t_cd.name[{#OVPN_CLIENT_NAME}]' + - + uuid: 48b62a9621c64082919a6e041defc546 + name: 'OpenVPN client "{#OVPN_CLIENT_NAME}" traffic' + graph_items: + - + drawtype: GRADIENT_LINE + color: 00FF00 + item: + host: 'OpenVPN by Zabbix agent' + key: 'ovpn.client.b_rx.name[{#OVPN_CLIENT_NAME}]' + - + sortorder: '1' + drawtype: BOLD_LINE + color: 0080FF + item: + host: 'OpenVPN by Zabbix agent' + key: 'ovpn.client.b_tx.name[{#OVPN_CLIENT_NAME}]' + master_item: + key: discovery.ovpn + lld_macro_paths: + - + lld_macro: '{#OVPN_CLIENT_NAME}' + path: $..name.first() + - + lld_macro: '{#OVPN_CLIENT_R_IP}' + path: $..r_ip.first() + - + lld_macro: '{#OVPN_CLIENT_V_IP}' + path: $..v_ip.first() + - + lld_macro: '{#OVPN_CLIENT_B_RX}' + path: $..b_rx.first() + - + lld_macro: '{#OVPN_CLIENT_B_TX}' + path: $..b_tx.first() + - + lld_macro: '{#OVPN_CLIENT_T_CS}' + path: $..t_cs.first() + - + lld_macro: '{#OVPN_CLIENT_T_CD}' + path: $..t_cd.first() + dashboards: + - + uuid: d25222f632c74c83ac80c8cbce480db0 + name: OpenVPN + auto_start: 'NO' + pages: + - + name: Server + widgets: + - + type: ITEM + width: '5' + hide_header: 'YES' + fields: + - + type: ITEM + name: itemid + value: + host: 'OpenVPN by Zabbix agent' + key: ovpn.expiration.ca + - + type: ITEM + x: '6' + width: '5' + hide_header: 'YES' + fields: + - + type: ITEM + name: itemid + value: + host: 'OpenVPN by Zabbix agent' + key: ovpn.expiration.cert + - + type: GRAPH_CLASSIC + 'y': '2' + width: '11' + height: '5' + hide_header: 'YES' + fields: + - + type: GRAPH + name: graphid + value: + host: 'OpenVPN by Zabbix agent' + name: 'OpenVPN certificates expiration' + - + name: Clients + widgets: + - + type: ITEM + width: '5' + hide_header: 'YES' + fields: + - + type: ITEM + name: itemid + value: + host: 'OpenVPN by Zabbix agent' + key: ovpn.stats.clients_count + - + type: ITEM + x: '6' + width: '5' + hide_header: 'YES' + fields: + - + type: ITEM + name: itemid + value: + host: 'OpenVPN by Zabbix agent' + key: ovpn.stats.clients_found + - + type: GRAPH_PROTOTYPE + 'y': '7' + width: '11' + height: '5' + fields: + - + type: INTEGER + name: columns + value: '1' + - + type: GRAPH_PROTOTYPE + name: graphid + value: + host: 'OpenVPN by Zabbix agent' + name: 'OpenVPN client "{#OVPN_CLIENT_NAME}" traffic' + - + type: GRAPH_CLASSIC + 'y': '2' + width: '11' + height: '5' + hide_header: 'YES' + fields: + - + type: GRAPH + name: graphid + value: + host: 'OpenVPN by Zabbix agent' + name: 'OpenVPN clients sum' + triggers: + - + uuid: 022e1211349c48a4be951588cda2dba0 + expression: 'max(/OpenVPN by Zabbix agent/ovpn.stats.clients_count,#1)>=max(/OpenVPN by Zabbix agent/ovpn.clients.limit,#1)' + name: 'Maximum number of OpenVPN clients reached' + priority: AVERAGE + tags: + - + tag: Application + value: OpenVPN + - + tag: 'OpenVPN server' + value: 'clients limit' + graphs: + - + uuid: a23bdc304f5d49e1b42597f9cbd4e840 + name: 'OpenVPN certificates expiration' + graph_items: + - + drawtype: GRADIENT_LINE + color: FFBF00 + item: + host: 'OpenVPN by Zabbix agent' + key: ovpn.expiration.ca + - + sortorder: '1' + drawtype: BOLD_LINE + color: FF8000 + item: + host: 'OpenVPN by Zabbix agent' + key: ovpn.expiration.cert + - + uuid: 94d1e1cc40424214a291067790d3db89 + name: 'OpenVPN clients sum' + graph_items: + - + color: FF8000 + item: + host: 'OpenVPN by Zabbix agent' + key: ovpn.stats.clients_count + - + sortorder: '1' + color: FFBF00 + item: + host: 'OpenVPN by Zabbix agent' + key: ovpn.stats.clients_found