Monitor OpenConnect VPN using Zabbix

Hello,

I’m looking for a decent way to monitor an OpenConnect VPN server - the number of currently connected sessions as a starting point. I’m using VyOS 1.5-rolling-202501110007 in my lab.

What’s the easiest approach here?

I already monitor OS parameters using the built-in Zabbix agent, but the agent does not support system.run.

One of the straightforward approaches would be ‘show openconnect-server session | grep ^sslvpn | wc -l’ via SSH, but I guess there should be other options?

TIA

You can make the agent do anything you want.

I do the following:

set service monitoring zabbix-agent directory '/config/zabbix/'

(Use whatever dir you want, but it makes sense to use something in /config so it gets copied on upgrade etc.)

In my /config/zabbix I have a file called conntrack.conf with the following:

UserParameter=ip_conntrack_count,cat /proc/sys/net/netfilter/nf_conntrack_count
UserParameter=ip_conntrack_offload_count,conntrack -L -u offload 2>&1 | sed -n 's/.*: \([0-9]\+\) flow entries.*/\1/p'

This gives me two new items that track how many connection tracking entries I have, and how many of them are offloaded (flowtable) sessions.

But you could create /config/zabbix/system.conf and enable system run in there, or do whatever fancy trick(s) you want to get the stats you need.
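An added example, not part of the thread and not VyOS or Zabbix project code: a small helper that a fixed UserParameter in the agent's include directory could pipe the session table into, returning either the session count (the `^sslvpn` match from the question) or the number of distinct users. The script path, the item key, the placeholder for the command that prints the table, and the column layout of the sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical helper, e.g. saved as
# /config/zabbix/oc_sessions.sh and fed by a fixed UserParameter such as:
#   UserParameter=openconnect.sessions,<session-table command> | /config/zabbix/oc_sessions.sh sessions
# The key takes no [*] parameters, so nothing sent by the Zabbix server
# ever reaches the shell as an argument.

# Count rows whose first column is an sslvpnN interface (the same idea as
# "grep ^sslvpn | wc -l" in the question). Headers and blank lines are ignored.
count_sessions() {
    awk '$1 ~ /^sslvpn[0-9]+$/ { n++ } END { print n + 0 }'
}

# Count distinct usernames. ASSUMPTION: the username is the second column.
count_users() {
    awk '$1 ~ /^sslvpn[0-9]+$/ && !seen[$2]++ { n++ } END { print n + 0 }'
}

# Constructed sample of a session table (column layout is an assumption).
sample_table() {
    cat <<'EOF'
interface    username    ip            remote IP      state
-----------  ----------  ------------  -------------  ---------
sslvpn0      alice       100.64.0.10   192.0.2.15     connected
sslvpn1      bob         100.64.0.11   198.51.100.7   connected
sslvpn2      alice       100.64.0.12   203.0.113.40   connected
EOF
}

# Dispatch only when called with a mode; the table is read from stdin.
case "${1:-}" in
    sessions) count_sessions ;;
    users)    count_users ;;
esac
```

Whether the agent's account is permitted to run the command that prints the session table has to be confirmed on the router; if that command fails, the pipeline still prints 0.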

Instead of having to create a UserParameter, what I prefer to do is use the net.tcp.port Zabbix agent key to have it make a TCP test connection to an IP on the other end of the VPN tunnel. This does a full test without having to create a custom config on the Zabbix agent.

https://www.zabbix.com/documentation/current/en/manual/config/items/itemtypes/zabbix_agent#net.tcp.port

Looks like exactly what I need, thank you, I’ll give it a shot!

Not my case exactly, as I’ll have a plethora of different Win clients with FWs and such, but definitely one of the approaches in other cases, thanks.