
Prometheus exporter for strongSwan IPsec

Primary language: Go. License: MIT.

IPsec Prometheus Exporter

The IPsec Prometheus exporter connects to strongSwan via the Vici API and exposes Security Association (SA) metrics.

Collected metrics (together with application metrics) are exposed on the /metrics endpoint. A Prometheus target is then configured with this endpoint and port, e.g. http://localhost:8079/metrics.

Configuration

The IPsec Prometheus exporter's YAML configuration file is optional. If it is not provided, the default values are used.

Config file

If a default value matches your choice, you can omit that setting.

# Logger configuration
logging:
  # logging level - default: INFO
  level: DEBUG

# HTTP server configuration
server:
  # server port - default: 8079
  port: 8080

# Vici configuration
vici:
  # Vici network scheme - default: tcp
  network: "udp"
  # Vici host is the IP address or hostname.
  # The default hostname is "localhost".
  # IPv6 is supported. Use host in format of "[fd12:3456:789a::1]".
  host: "127.0.0.1"
  # Vici port - default: 4502
  port: 30123

Value Definition

Metric               Value  Description
strongswan_*_status  0      The tunnel is installed and is up and running.
strongswan_*_status  1      The connection is established.
strongswan_*_status  2      The tunnel or connection is down.
strongswan_*_status  3      The tunnel or connection status is not recognized.
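
The table above can be applied directly to scraped /metrics output. The following is an added example, not code from the exporter itself: it flags every strongswan_*_status series whose value is 2, 3 or outside the documented range. The metric names, label names and sample scrape are constructed to fit the strongswan_*_status pattern and are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// meaning holds the two values the README's table marks as not healthy.
var meaning = map[float64]string{2: "tunnel or connection is down", 3: "status is not recognized"}

// statusLine matches one text-format sample of a strongswan_*_status metric.
var statusLine = regexp.MustCompile(`^(strongswan_\w+_status)(\{[^}]*\})?\s+(\S+)`)
// sample is constructed scrape output; the metric and label names are assumptions.
const sample = `strongswan_ike_status{name="site-a"} 0
strongswan_ike_status{name="site-b"} 2
strongswan_child_status{name="net-c"} 3
go_goroutines 12`

// Finding is one status series that needs attention.
type Finding struct{ Series, Meaning string }

// Unhealthy returns every strongswan_*_status series whose value is not 0 or 1.
func Unhealthy(text string) []Finding {
	var out []Finding
	for _, line := range strings.Split(text, "\n") {
		m := statusLine.FindStringSubmatch(strings.TrimSpace(line))
		if m == nil {
			continue
		}
		v, err := strconv.ParseFloat(m[3], 64)
		if err != nil || v == 0 || v == 1 {
			continue // 0 = installed and running, 1 = established
		}
		why, ok := meaning[v]
		if !ok {
			why = "value outside the documented 0-3 range"
		}
		out = append(out, Finding{m[1] + m[2], why})
	}
	return out
}

func main() {
	for _, f := range Unhealthy(sample) {
		fmt.Printf("%s: %s\n", f.Series, f.Meaning)
	}
}
```

Treating an unrecognized or out-of-range value as a finding keeps a monitoring check from silently reporting a tunnel as healthy when the exporter could not classify it.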

Build & Run

To build the binary, run:

make build

Run the binary, optionally providing the config parameter:

./ipsec-prometheus-exporter [--config=<path to yaml config file>]

Docker image

A public Docker image is available for multiple platforms: https://hub.docker.com/r/torilabs/ipsec-prometheus-exporter

docker run -it -p 8079:8079 -v $(pwd)/my-config.yaml:/config.yaml --rm torilabs/ipsec-prometheus-exporter:latest