Nagios OpenVPN User Count Plugin/Check

So this is one of my first checks I have written for Nagios in Python. I developed the script originally just to return performance data and always return a status of ‘0’ (ok). This was so I can view the total users connected and plot the data in a graph. However I have also added some switches so a warning and critical event can be triggered.

This script has been tested on CentOS 5.11 running Nagios Core 4 and Python 2.4. You will need a basic understanding on how to configure Nagios to install this check. The example below is for a local check, meaning OpenVPN is running on the same box as Nagios itself.

Installing the check:

  1. First ensure that the nagios user can read ‘/etc/openvpn/openvpn-status.log’ and ‘status openvpn-status.log’ is set in your OpenVPN config file.
  2. Save the below script to ‘/usr/local/nagios/libexec/check_openvpn_totalusers.py’.

    #!/usr/bin/python
    # Nagios OpenVPN Total User Check (CentOS 5)
    # Website blog.tchubb.co.uk
    # Version 2 (Python 2.4)
    # Date 14/10/2015
    # By Thomas Chubb
    
    # Import required modules
    import os
    import re
    from sys import exit
    from optparse import OptionParser
    
    # Parse args
    parser = OptionParser()
    parser.add_option('-w', '--warning', dest='warning',type='int',help='Number of VPN users to return a warning status')
    parser.add_option('-c', '--critical', dest='critical',type='int',help='Number of VPN users to return a critical status')
    (options, args) = parser.parse_args()
    
    # Error if arguments are missing
    if options.warning == None:
        parser.error('You must set the warning and critical arguments!')
    
    # Read the OpenVPN status file
    statusFile = open('/etc/openvpn/openvpn-status.log', 'r')
    data = statusFile.read()
    statusFile.close()
    
    # Parse the file
    pattern = re.compile('(\d+\\.\d+\\.\d+\\.\d+):(\d+),(\d+),(\d+)')
    matches = pattern.findall(data)
    
    # Output results
    if matches is not None:
        # Count connected clients
        totalUsers = len(matches)
    
        # Work out the wording
        if totalUsers == 1:
            wording = 'Currently 1 VPN client connected.'
        elif totalUsers == 0:
            wording = 'Currently no VPN clients connected.'
        else:
            wording = 'Currently ' + str(totalUsers) + ' VPN clients connected.'
    
        wording = wording + '|totalusers=' + str(totalUsers)
    
        # Return results
        if totalUsers >= options.critical:
            print 'CRITICAL -',wording
            exit(2)
        elif totalUsers >= options.warning:
            print 'WARNING -',wording
            exit(1)
        else:
            print 'OK -',wording
            exit(0)
    else:
        print 'Error parsing file'
        exit(3)
    

    check_openvpn_totalusers_v2

  3. Once saved chown and set the permissions on the file. In my case nagios uses a user called ‘nagios’.
    chown nagios:nagios /usr/local/nagios/libexec/check_openvpn_totalusers.py
    chmod u=rwx,g=,o= /usr/local/nagios/libexec/check_openvpn_totalusers.py
    
  4. Add the following lines to the ‘/usr/local/nagios/etc/objects/commands.cfg’ file using a text editor such as vi or nano. (this is for a local check, use NRPE for remote checks)
    define command{
            command_name check_openvpn_totalusers
            command_line $USER1$/check_openvpn_totalusers.py -w $ARG1$ -c $ARG2$ 
            }
  5. Then you need to create a service on a host. The below example add the check to a host called ‘openvpn’ and checks it every minute. It is set to go critical at 25 or more users and warning at 20 or more users.
    define service{
            use                             local-service
            host_name                       openvn
            normal_check_interval           1
            service_description             OpenVPN Total Users
            check_command                   check_openvpn_totalusers!20!25
            }
    
  6. Once the configuration is complete, restart Nagios.
    service nagios restart
    
  7. It should now work!

nagioscheck_openvpntotalusers1

nagioscheck_openvpntotalusers2

As you can see it returns performance data so you can could use pnp4nagios for example to graph the data.

This entry was posted in Linux and tagged , , , , . Bookmark the permalink.