Nagios OpenVPN User Count Plugin/Check

So this is one of my first checks I have written for Nagios in Python. I developed the script originally just to return performance data and always return a status of ‘0’ (ok). This was so I can view the total users connected and plot the data in a graph. However I have also added some switches so a warning and critical event can be triggered.

This script has been tested on CentOS 5.11 running Nagios Core 4 and Python 2.4. You will need a basic understanding on how to configure Nagios to install this check. The example below is for a local check, meaning OpenVPN is running on the same box as Nagios itself.

Installing the check:

  1. First ensure that the nagios user can read ‘/etc/openvpn/openvpn-status.log’ and ‘status openvpn-status.log’ is set in your OpenVPN config file.
  2. Save the below script to ‘/usr/local/nagios/libexec/’.

    # Nagios OpenVPN Total User Check (CentOS 5)
    # Website
    # Version 2 (Python 2.4)
    # Date 14/10/2015
    # By Thomas Chubb
    # Import required modules
    import os
    import re
    from sys import exit
    from optparse import OptionParser
    # Parse args
    parser = OptionParser()
    parser.add_option('-w', '--warning', dest='warning',type='int',help='Number of VPN users to return a warning status')
    parser.add_option('-c', '--critical', dest='critical',type='int',help='Number of VPN users to return a critical status')
    (options, args) = parser.parse_args()
    # Error if arguments are missing
    if options.warning == None:
        parser.error('You must set the warning and critical arguments!')
    # Read the OpenVPN status file
    statusFile = open('/etc/openvpn/openvpn-status.log', 'r')
    data =
    # Parse the file
    pattern = re.compile('(\d+\\.\d+\\.\d+\\.\d+):(\d+),(\d+),(\d+)')
    matches = pattern.findall(data)
    # Output results
    if matches is not None:
        # Count connected clients
        totalUsers = len(matches)
        # Work out the wording
        if totalUsers == 1:
            wording = 'Currently 1 VPN client connected.'
        elif totalUsers == 0:
            wording = 'Currently no VPN clients connected.'
            wording = 'Currently ' + str(totalUsers) + ' VPN clients connected.'
        wording = wording + '|totalusers=' + str(totalUsers)
        # Return results
        if totalUsers >= options.critical:
            print 'CRITICAL -',wording
        elif totalUsers >= options.warning:
            print 'WARNING -',wording
            print 'OK -',wording
        print 'Error parsing file'


  3. Once saved chown and set the permissions on the file. In my case nagios uses a user called ‘nagios’.
    chown nagios:nagios /usr/local/nagios/libexec/
    chmod u=rwx,g=,o= /usr/local/nagios/libexec/
  4. Add the following lines to the ‘/usr/local/nagios/etc/objects/commands.cfg’ file using a text editor such as vi or nano. (this is for a local check, use NRPE for remote checks)
    define command{
            command_name check_openvpn_totalusers
            command_line $USER1$/ -w $ARG1$ -c $ARG2$ 
  5. Then you need to create a service on a host. The below example add the check to a host called ‘openvpn’ and checks it every minute. It is set to go critical at 25 or more users and warning at 20 or more users.
    define service{
            use                             local-service
            host_name                       openvn
            normal_check_interval           1
            service_description             OpenVPN Total Users
            check_command                   check_openvpn_totalusers!20!25
  6. Once the configuration is complete, restart Nagios.
    service nagios restart
  7. It should now work!



As you can see it returns performance data so you can could use pnp4nagios for example to graph the data.

This entry was posted in Linux and tagged , , , , . Bookmark the permalink.