Hi,
I tried to create a template to monitor WireGuard with Zabbix.
WireGuard does not really provide any monitoring tool so I had to do with "wg show" commands.
It's probably not perfect so if you want to help I'm interested.
Template provides 2 discovery rules :
Interfaces Discovery (wg0, wg1...) :
- Items to get active peers, total peers, port used and check firewall mark.
- Triggers to check changes on port, fwmark and numbers of clients.
- Graph to monitor active and total peers (even if connections are never released by WG once established).
Peers Discovery (based on public key) :
I had to truncate keys to 10 characters for easy reading. It should not be a problem because they're random.
- Items to get for each endpoint : allowed IPs, IP address, port used, incoming/outgoing traffic, keepalive status and the last handshake.
- Triggers to track changes on allowed IPs, connection port, IP address, keeaplive status and to monitor high traffic and unreachable endpoint.
- Graph to monitor incoming/outgoing network traffic.
This template may work with previous versions of Zabbix but it was tested for Zabbix 4.0 on a Debian 9.6 server.
Please follow the link for instructions and files.
Have fun !
Cryptage21
There are no macros links in this template.
There are no template links in this template.
| Name | Description | Type | Key and additional info |
|---|---|---|---|
| WireGuard Interfaces Discovery | - |
Zabbix agent |
wg.list.discovery[INTERFACES] Update: 3600s |
| WireGuard Peers Discovery | - |
Zabbix agent |
wg.list.discovery[PEERS] Update: 3600s |
| Name | Description | Type | Key and additional info |
|---|---|---|---|
| Firewall mark enabled on {#WGINTERFACE} | - |
Zabbix agent |
wg.fw.mark[{#WGINTERFACE}] Update: 60m LLD |
| Active peers on {#WGINTERFACE} | - |
Zabbix agent |
wg.peers.connected[{#WGINTERFACE}] Update: 15m LLD |
| Total peers on {#WGINTERFACE} | - |
Zabbix agent |
wg.peers.count[{#WGINTERFACE}] Update: 30m LLD |
| Port used on {#WGINTERFACE} | - |
Zabbix agent |
wg.port.used[{#WGINTERFACE}] Update: 60m LLD |
| Endpoint IP address for peer {#PEER}... on {#INTERFACE} | - |
Zabbix agent |
wg.endpoint.address[{#PEER}] Update: 15m LLD |
| Allowed IPs for peer {#PEER}... on {#INTERFACE} | - |
Zabbix agent |
wg.endpoint.allowedips[{#PEER}] Update: 30m LLD |
| Last handshake for peer {#PEER}... on {#INTERFACE} | - |
Zabbix agent |
wg.endpoint.handshake[{#PEER}] Update: 10m LLD |
| Keepalive enabled for peer {#PEER}... on {#INTERFACE} | - |
Zabbix agent |
wg.endpoint.keepalive[{#PEER}] Update: 30m LLD |
| Endpoint port for peer {#PEER}... on {#INTERFACE} | - |
Zabbix agent |
wg.endpoint.port[{#PEER}] Update: 15m LLD |
| Incoming traffic for peer {#PEER}... on {#INTERFACE} | - |
Zabbix agent |
wg.endpoint.transferdown[{#PEER}] Update: 5m LLD |
| Outgoing traffic for peer {#PEER}... on {#INTERFACE} | - |
Zabbix agent |
wg.endpoint.transferup[{#PEER}] Update: 5m LLD |
| Name | Description | Expression | Priority |
|---|---|---|---|
| Connection port changed on {#WGINTERFACE} {HOST.NAME} VPN | - |
Expression: (last(/App WireGuard/wg.port.used[{#WGINTERFACE}],#1)<>last(/App WireGuard/wg.port.used[{#WGINTERFACE}],#2))=1 Recovery expression: |
warning |
| Firewall mark changed on {#WGINTERFACE} {HOST.NAME} VPN | - |
Expression: (last(/App WireGuard/wg.fw.mark[{#WGINTERFACE}],#1)<>last(/App WireGuard/wg.fw.mark[{#WGINTERFACE}],#2))=1 Recovery expression: |
warning |
| Less clients connected on {#WGINTERFACE} {HOST.NAME} VPN | - |
Expression: change(/App WireGuard/wg.peers.connected[{#WGINTERFACE}])<=-1 Recovery expression: |
information |
| More clients connected on {#WGINTERFACE} {HOST.NAME} VPN | - |
Expression: change(/App WireGuard/wg.peers.connected[{#WGINTERFACE}])>=1 Recovery expression: |
information |
| Peers added on {#WGINTERFACE} {HOST.NAME} VPN | - |
Expression: change(/App WireGuard/wg.peers.count[{#WGINTERFACE}])>=1 Recovery expression: |
information |
| Peers removed on {#WGINTERFACE} {HOST.NAME} VPN | - |
Expression: change(/App WireGuard/wg.peers.count[{#WGINTERFACE}])<=-1 Recovery expression: |
information |
| Allowed IPs list altered for {#PEER}... peer on {HOST.NAME} | - |
Expression: (last(/App WireGuard/wg.endpoint.allowedips[{#PEER}],#1)<>last(/App WireGuard/wg.endpoint.allowedips[{#PEER}],#2))=1 Recovery expression: |
high |
| Connection port changed for {#PEER}... peer on {HOST.NAME} | - |
Expression: (last(/App WireGuard/wg.endpoint.port[{#PEER}],#1)<>last(/App WireGuard/wg.endpoint.port[{#PEER}],#2))=1 Recovery expression: |
information |
| High incoming traffic for {#PEER}... peer on {HOST.NAME} | - |
Expression: change(/App WireGuard/wg.endpoint.transferdown[{#PEER}])>52428800 Recovery expression: |
average |
| High outgoing traffic for {#PEER}... peer on {HOST.NAME} | - |
Expression: change(/App WireGuard/wg.endpoint.transferup[{#PEER}])>52428800 Recovery expression: |
average |
| IP address changed for {#PEER}... peer on {HOST.NAME} | - |
Expression: (last(/App WireGuard/wg.endpoint.address[{#PEER}],#1)<>last(/App WireGuard/wg.endpoint.address[{#PEER}],#2))=1 Recovery expression: |
information |
| Keepalived changed for {#PEER}... peer on {HOST.NAME} | - |
Expression: (last(/App WireGuard/wg.endpoint.keepalive[{#PEER}],#1)<>last(/App WireGuard/wg.endpoint.keepalive[{#PEER}],#2))=1 Recovery expression: |
warning |
| Unreachable {#PEER}... peer on {HOST.NAME} for 30 minutes | - |
Expression: fuzzytime(/App WireGuard/wg.endpoint.handshake[{#PEER}],1800s)=0 Recovery expression: |
high |
| Connection port changed on {#WGINTERFACE} {HOST.NAME} VPN (LLD) | - |
Expression: (last(/App WireGuard/wg.port.used[{#WGINTERFACE}],#1)<>last(/App WireGuard/wg.port.used[{#WGINTERFACE}],#2))=1 Recovery expression: |
warning |
| Firewall mark changed on {#WGINTERFACE} {HOST.NAME} VPN (LLD) | - |
Expression: (last(/App WireGuard/wg.fw.mark[{#WGINTERFACE}],#1)<>last(/App WireGuard/wg.fw.mark[{#WGINTERFACE}],#2))=1 Recovery expression: |
warning |
| Less clients connected on {#WGINTERFACE} {HOST.NAME} VPN (LLD) | - |
Expression: change(/App WireGuard/wg.peers.connected[{#WGINTERFACE}])<=-1 Recovery expression: |
information |
| More clients connected on {#WGINTERFACE} {HOST.NAME} VPN (LLD) | - |
Expression: change(/App WireGuard/wg.peers.connected[{#WGINTERFACE}])>=1 Recovery expression: |
information |
| Peers added on {#WGINTERFACE} {HOST.NAME} VPN (LLD) | - |
Expression: change(/App WireGuard/wg.peers.count[{#WGINTERFACE}])>=1 Recovery expression: |
information |
| Peers removed on {#WGINTERFACE} {HOST.NAME} VPN (LLD) | - |
Expression: change(/App WireGuard/wg.peers.count[{#WGINTERFACE}])<=-1 Recovery expression: |
information |
| Allowed IPs list altered for {#PEER}... peer on {HOST.NAME} (LLD) | - |
Expression: (last(/App WireGuard/wg.endpoint.allowedips[{#PEER}],#1)<>last(/App WireGuard/wg.endpoint.allowedips[{#PEER}],#2))=1 Recovery expression: |
high |
| Connection port changed for {#PEER}... peer on {HOST.NAME} (LLD) | - |
Expression: (last(/App WireGuard/wg.endpoint.port[{#PEER}],#1)<>last(/App WireGuard/wg.endpoint.port[{#PEER}],#2))=1 Recovery expression: |
information |
| High incoming traffic for {#PEER}... peer on {HOST.NAME} (LLD) | - |
Expression: change(/App WireGuard/wg.endpoint.transferdown[{#PEER}])>52428800 Recovery expression: |
average |
| High outgoing traffic for {#PEER}... peer on {HOST.NAME} (LLD) | - |
Expression: change(/App WireGuard/wg.endpoint.transferup[{#PEER}])>52428800 Recovery expression: |
average |
| IP address changed for {#PEER}... peer on {HOST.NAME} (LLD) | - |
Expression: (last(/App WireGuard/wg.endpoint.address[{#PEER}],#1)<>last(/App WireGuard/wg.endpoint.address[{#PEER}],#2))=1 Recovery expression: |
information |
| Keepalived changed for {#PEER}... peer on {HOST.NAME} (LLD) | - |
Expression: (last(/App WireGuard/wg.endpoint.keepalive[{#PEER}],#1)<>last(/App WireGuard/wg.endpoint.keepalive[{#PEER}],#2))=1 Recovery expression: |
warning |
| Unreachable {#PEER}... peer on {HOST.NAME} for 30 minutes (LLD) | - |
Expression: fuzzytime(/App WireGuard/wg.endpoint.handshake[{#PEER}],1800s)=0 Recovery expression: |
high |