feature: FreeRADIUS application monitoring (#7818)

* Update unbound.inc.php * Update unbound.inc.php * Create unbound_cache.inc.php * Update AUTHORS.md * Update apps.inc.php * Update bind.inc.php * Update bind.inc.php * Update bind.inc.php * Update bind.inc.php * Update tiles.php * Update Applications.md * Update Applications.md * Update Applications.md * Update Applications.md * Update Applications.md * Update Applications.md * Update apps.inc.php * Create freeradius_access.inc.php * Update functions.inc.php * Create freeradius_auth.inc.php * Create freeradius_accounting.inc.php * Create freeradius_proxy_access.inc.php * Create freeradius_proxy_auth.inc.php * Create freeradius_proxy_acct.inc.php * Create freeradius_queue.inc.php * Update and rename freeradius_accounting.inc.php to freeradius_acct.inc.php * Update apps.inc.php * Create freeradius.inc.php * Create freeradius.inc.php * Update freeradius.inc.php * Update freeradius.inc.php * Update freeradius.inc.php * Update freeradius.inc.php * Update freeradius.inc.php * Update Applications.md * Update Applications.md * Update freeradius_access.inc.php * Update freeradius_acct.inc.php * Update freeradius_access.inc.php * Update freeradius_auth.inc.php * Update freeradius_access.inc.php * Update freeradius_acct.inc.php * Update freeradius_proxy_access.inc.php * Update freeradius_proxy_acct.inc.php * Update freeradius_proxy_auth.inc.php * Update freeradius_queue.inc.php * Update freeradius_queue.inc.php * Update freeradius.inc.php * Update freeradius.inc.php * Update freeradius.inc.php * Update freeradius_acct.inc.php * Update freeradius_acct.inc.php * Update freeradius_access.inc.php * Update freeradius_access.inc.php * Update freeradius_auth.inc.php * Update freeradius_proxy_access.inc.php * Update freeradius_proxy_acct.inc.php * Update freeradius_proxy_auth.inc.php * Update freeradius_queue.inc.php
librenms · Dec 13, 2017 · 712201e · 712201e
1 parent 58afe78
commit 712201e
Show file tree

Hide file tree

Showing 12 changed files with 466 additions and 13 deletions.
diff --git a/doc/Extensions/Applications.md b/doc/Extensions/Applications.md
@@ -13,6 +13,7 @@ Different applications support a variety of ways to collect data: by direct conn
 1. [Fail2ban](#fail2ban) - SNMP extend
 1. [FreeBSD NFS Client](#freebsd-nfs-client) - SNMP extend
 1. [FreeBSD NFS Server](#freebsd-nfs-server) - SNMP extend
+1. [FreeRADIUS](#freeradius) - SNMP extend, Agent
 1. [Freeswitch](#freeswitch) - SNMP extend, Agent
 1. [GPSD](#gpsd) - Agent
 1. [Mailscanner](#mailscanner) - SNMP extend
@@ -258,32 +259,53 @@ extend fbsdnfsserver /etc/snmp/fbsdnfsserver
 4: Restart snmpd on your host
 
 
-### Mailscanner
-##### SNMP Extend
-1. Download the script onto the desired host (the host must be added to LibreNMS devices)
+### FreeRADIUS
+The FreeRADIUS application extension requires that status_server be enabled in your FreeRADIUS config.  For more information see: https://wiki.freeradius.org/config/Status
+
+You should note that status requests increment the FreeRADIUS request stats.  So LibreNMS polls will ultimately be reflected in your stats/charts.
+
+1: Go to your FreeRADIUS configuration directory (usually /etc/raddb or /etc/freeradius).
+
+2: `cd sites-enabled`
+
+3: `ln -s ../sites-available/status status`
+
+4: Restart FreeRADIUS.
+
+5: You should be able to test with the radclient as follows...
 ```
-wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/mailscanner.php -O /etc/snmp/mailscanner.php
+echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 31, Response-Packet-Type = Access-Accept" | \
+radclient -x localhost:18121 status adminsecret
 ```
+Note that adminsecret is the default secret key in status_server.  Change if you've modified this.
 
-2. Make the script executable (chmod +x /etc/snmp/mailscanner.php)
+##### SNMP Extend
 
-3. Edit your snmpd.conf file (usually /etc/snmp/snmpd.conf) and add:
+1: Copy the freeradius shell script, to the desired host (the host must be added to LibreNMS devices)
 ```
-extend mailscanner /etc/snmp/mailscanner.php
+wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/freeradius.sh -O /etc/snmp/freeradius.sh
 ```
 
-4. Restart snmpd on your host
+2: Make the script executable (chmod +x /etc/snmp/freeradius.sh)
 
+3: If you've made any changes to the FreeRADIUS status_server config (secret key, port, etc.) edit freeradius.sh and adjust the config variable accordingly.
 
-### GPSD
-A small shell script that reports GPSD status.
+4: Edit your snmpd.conf file and add:
+```
+extend freeradius /etc/snmp/freeradius.sh
+```
+
+5: Restart snmpd on the host in question.
 
 ##### Agent
-[Install the agent](Agent-Setup.md) on this device if it isn't already and copy the `gpsd` script to `/usr/lib/check_mk_agent/local/`
 
-You may need to configure `$server` or `$port`.
+1: [Install the agent](Agent-Setup.md) on this device if it isn't already and copy the script to `/usr/lib/check_mk_agent/local/freeradius.sh` via `wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/freeradius.sh -O /usr/lib/check_mk_agent/local/freeradius.sh`
 
-Verify it is working by running `/usr/lib/check_mk_agent/local/gpsd`
+2: Run `chmod +x /usr/lib/check_mk_agent/local/freeradius.sh`
+
+3: If you've made any changes to the FreeRADIUS status_server config (secret key, port, etc.) edit freeradius.sh and adjust the config variable accordingly.
+
+4: Edit the freeradius.sh script and set the variable 'AGENT' to '1' in the config.
 
 
 ### Freeswitch
@@ -315,6 +337,34 @@ extend freeswitch /etc/snmp/freeswitch
 6. Restart snmpd on your host
 
 
+### GPSD
+A small shell script that reports GPSD status.
+
+##### Agent
+[Install the agent](Agent-Setup.md) on this device if it isn't already and copy the `gpsd` script to `/usr/lib/check_mk_agent/local/`
+
+You may need to configure `$server` or `$port`.
+
+Verify it is working by running `/usr/lib/check_mk_agent/local/gpsd`
+
+
+### Mailscanner
+##### SNMP Extend
+1. Download the script onto the desired host (the host must be added to LibreNMS devices)
+```
+wget https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/mailscanner.php -O /etc/snmp/mailscanner.php
+```
+
+2. Make the script executable (chmod +x /etc/snmp/mailscanner.php)
+
+3. Edit your snmpd.conf file (usually /etc/snmp/snmpd.conf) and add:
+```
+extend mailscanner /etc/snmp/mailscanner.php
+```
+
+4. Restart snmpd on your host
+
+
 ### Memcached
 ##### SNMP Extend
 1. Copy the [memcached script](https://github.com/librenms/librenms-agent/blob/master/agent-local/memcached) to `/etc/snmp/` on your remote server.

diff --git a/html/includes/functions.inc.php b/html/includes/functions.inc.php
@@ -125,6 +125,9 @@ function nicecase($item)
 
         case 'pi-hole':
             return 'Pi-hole';
+
+        case 'freeradius':
+            return 'FreeRADIUS';
 
         default:
             return ucfirst($item);

diff --git a/html/includes/graphs/application/freeradius_access.inc.php b/html/includes/graphs/application/freeradius_access.inc.php
@@ -0,0 +1,26 @@
+<?php
+require 'includes/graphs/common.inc.php';
+$i               = 0;
+$scale_min       = 0;
+$nototal         = 1;
+$unit_text       = 'Per Sec.';
+$rrd_filename    = rrd_name($device['hostname'], array('app', 'freeradius-access', $app['app_id']));
+$fr_access_array = array(
+    'requests' => 'Requests',
+    'accepts' => 'Accepts',
+    'rejects'=> 'Rejects',
+    'challenges' => 'Challenges'
+);
+$colours      = 'mixed';
+$rrd_list     = array();
+if (rrdtool_check_rrd_exists($rrd_filename)) {
+    foreach ($fr_access_array as $ds => $descr) {
+        $rrd_list[$i]['filename'] = $rrd_filename;
+        $rrd_list[$i]['descr']    = $descr;
+        $rrd_list[$i]['ds']       = $ds;
+        $i++;
+    }
+} else {
+    echo "file missing: $rrd_filename";
+}
+require 'includes/graphs/generic_multi_line.inc.php';
diff --git a/html/includes/graphs/application/freeradius_acct.inc.php b/html/includes/graphs/application/freeradius_acct.inc.php
@@ -0,0 +1,29 @@
+<?php
+require 'includes/graphs/common.inc.php';
+$i             = 0;
+$scale_min     = 0;
+$nototal       = 1;
+$unit_text     = 'Per Sec.';
+$rrd_filename  = rrd_name($device['hostname'], array('app', 'freeradius-acct', $app['app_id']));
+$fr_acct_array = array(
+    'requests' => 'Requests',
+    'responses' => 'Responses',
+    'duplicate_requests' => 'Duplicate Requests',
+    'malformed_requests' => 'Malformed Requests',
+    'invalid_requests' => 'Invalid Requests',
+    'dropped_requests' => 'Dropped Requests',
+    'unknown_types' => 'Unknown Types'
+);
+$colours      = 'mixed';
+$rrd_list     = array();
+if (rrdtool_check_rrd_exists($rrd_filename)) {
+    foreach ($fr_acct_array as $ds => $descr) {
+        $rrd_list[$i]['filename'] = $rrd_filename;
+        $rrd_list[$i]['descr']    = $descr;
+        $rrd_list[$i]['ds']       = $ds;
+        $i++;
+    }
+} else {
+    echo "file missing: $rrd_filename";
+}
+require 'includes/graphs/generic_multi_line.inc.php';
diff --git a/html/includes/graphs/application/freeradius_auth.inc.php b/html/includes/graphs/application/freeradius_auth.inc.php
@@ -0,0 +1,28 @@
+<?php
+require 'includes/graphs/common.inc.php';
+$i             = 0;
+$scale_min     = 0;
+$nototal       = 1;
+$unit_text     = 'Per Sec.';
+$rrd_filename  = rrd_name($device['hostname'], array('app', 'freeradius-auth', $app['app_id']));
+$fr_auth_array = array(
+    'responses' => 'Responses',
+    'duplicate_requests' => 'Duplicate Requests',
+    'malformed_requests' => 'Malformed Requests',
+    'invalid_requests' => 'Invalid Requests',
+    'dropped_requests' => 'Dropped Requests',
+    'unknown_types' => 'Unknown Types'
+);
+$colours      = 'mixed';
+$rrd_list     = array();
+if (rrdtool_check_rrd_exists($rrd_filename)) {
+    foreach ($fr_auth_array as $ds => $descr) {
+        $rrd_list[$i]['filename'] = $rrd_filename;
+        $rrd_list[$i]['descr']    = $descr;
+        $rrd_list[$i]['ds']       = $ds;
+        $i++;
+    }
+} else {
+    echo "file missing: $rrd_filename";
+}
+require 'includes/graphs/generic_multi_line.inc.php';
diff --git a/html/includes/graphs/application/freeradius_proxy_access.inc.php b/html/includes/graphs/application/freeradius_proxy_access.inc.php
@@ -0,0 +1,26 @@
+<?php
+require 'includes/graphs/common.inc.php';
+$i                     = 0;
+$scale_min             = 0;
+$nototal               = 1;
+$unit_text             = 'Per Sec.';
+$rrd_filename          = rrd_name($device['hostname'], array('app', 'freeradius-proxy_access', $app['app_id']));
+$fr_proxy_access_array = array(
+    'requests' => 'Requests',
+    'accepts' => 'Accepts',
+    'rejects'=> 'Rejects',
+    'challenges' => 'Challenges'
+);
+$colours      = 'mixed';
+$rrd_list     = array();
+if (rrdtool_check_rrd_exists($rrd_filename)) {
+    foreach ($fr_proxy_access_array as $ds => $descr) {
+        $rrd_list[$i]['filename'] = $rrd_filename;
+        $rrd_list[$i]['descr']    = $descr;
+        $rrd_list[$i]['ds']       = $ds;
+        $i++;
+    }
+} else {
+    echo "file missing: $rrd_filename";
+}
+require 'includes/graphs/generic_multi_line.inc.php';
diff --git a/html/includes/graphs/application/freeradius_proxy_acct.inc.php b/html/includes/graphs/application/freeradius_proxy_acct.inc.php
@@ -0,0 +1,29 @@
+<?php
+require 'includes/graphs/common.inc.php';
+$i                   = 0;
+$scale_min           = 0;
+$nototal             = 1;
+$unit_text           = 'Per Sec.';
+$rrd_filename        = rrd_name($device['hostname'], array('app', 'freeradius-proxy_acct', $app['app_id']));
+$fr_proxy_acct_array = array(
+    'requests' => 'Requests',
+    'responses' => 'Responses',
+    'duplicate_requests' => 'Duplicate Requests',
+    'malformed_requests' => 'Malformed Requests',
+    'invalid_requests' => 'Invalid Requests',
+    'dropped_requests' => 'Dropped Requests',
+    'unknown_types' => 'Unknown Types'
+);
+$colours      = 'mixed';
+$rrd_list     = array();
+if (rrdtool_check_rrd_exists($rrd_filename)) {
+    foreach ($fr_proxy_acct_array as $ds => $descr) {
+        $rrd_list[$i]['filename'] = $rrd_filename;
+        $rrd_list[$i]['descr']    = $descr;
+        $rrd_list[$i]['ds']       = $ds;
+        $i++;
+    }
+} else {
+    echo "file missing: $rrd_filename";
+}
+require 'includes/graphs/generic_multi_line.inc.php';
diff --git a/html/includes/graphs/application/freeradius_proxy_auth.inc.php b/html/includes/graphs/application/freeradius_proxy_auth.inc.php
@@ -0,0 +1,28 @@
+<?php
+require 'includes/graphs/common.inc.php';
+$i                   = 0;
+$scale_min           = 0;
+$nototal             = 1;
+$unit_text           = 'Per Sec.';
+$rrd_filename        = rrd_name($device['hostname'], array('app', 'freeradius-proxy_auth', $app['app_id']));
+$fr_proxy_auth_array = array(
+    'responses' => 'Responses',
+    'duplicate_requests' => 'Duplicate Requests',
+    'malformed_requests' => 'Malformed Requests',
+    'invalid_requests' => 'Invalid Requests',
+    'dropped_requests' => 'Dropped Requests',
+    'unknown_types' => 'Unknown Types'
+);
+$colours      = 'mixed';
+$rrd_list     = array();
+if (rrdtool_check_rrd_exists($rrd_filename)) {
+    foreach ($fr_proxy_auth_array as $ds => $descr) {
+        $rrd_list[$i]['filename'] = $rrd_filename;
+        $rrd_list[$i]['descr']    = $descr;
+        $rrd_list[$i]['ds']       = $ds;
+        $i++;
+    }
+} else {
+    echo "file missing: $rrd_filename";
+}
+require 'includes/graphs/generic_multi_line.inc.php';
diff --git a/html/includes/graphs/application/freeradius_queue.inc.php b/html/includes/graphs/application/freeradius_queue.inc.php
@@ -0,0 +1,29 @@
+<?php
+require 'includes/graphs/common.inc.php';
+$i              = 0;
+$scale_min      = 0;
+$nototal        = 1;
+$unit_text      = 'Per Sec.';
+$rrd_filename   = rrd_name($device['hostname'], array('app', 'freeradius-queue', $app['app_id']));
+$fr_queue_array = array(
+    'len_internal' => 'Len Internal',
+    'len_proxy' => 'Len Proxy',
+    'len_auth' => 'Len Auth',
+    'len_acct' => 'Len Acct',
+    'len_detail' => 'Len Detail',
+    'pps_in' => 'PPS In',
+    'pps_out' => 'PPS Out'
+);
+$colours      = 'mixed';
+$rrd_list     = array();
+if (rrdtool_check_rrd_exists($rrd_filename)) {
+    foreach ($fr_queue_array as $ds => $descr) {
+        $rrd_list[$i]['filename'] = $rrd_filename;
+        $rrd_list[$i]['descr']    = $descr;
+        $rrd_list[$i]['ds']       = $ds;
+        $i++;
+    }
+} else {
+    echo "file missing: $rrd_filename";
+}
+require 'includes/graphs/generic_multi_line.inc.php';
diff --git a/html/pages/apps.inc.php b/html/pages/apps.inc.php
@@ -273,6 +273,16 @@
     'blocklist',
 );
 
+$graphs['freeradius'] = array(
+    'access',
+    'auth',
+    'acct',
+    'proxy_access',
+    'proxy_auth',
+    'proxy_acct',
+    'queue',
+);
+
 print_optionbar_start();
 
 echo "<span style='font-weight: bold;'>Apps</span> &#187; ";

diff --git a/html/pages/device/apps/freeradius.inc.php b/html/pages/device/apps/freeradius.inc.php
@@ -0,0 +1,29 @@
+<?php
+global $config;
+$graphs = array(
+    'freeradius_access'       => 'FreeRADIUS - Access',
+    'freeradius_auth'         => 'FreeRADIUS - Auth',
+    'freeradius_acct'         => 'FreeRADIUS - Acct',
+    'freeradius_proxy_access' => 'FreeRADIUS - Proxy Access',
+    'freeradius_proxy_auth'   => 'FreeRADIUS - Proxy Auth',
+    'freeradius_proxy_acct'   => 'FreeRADIUS - Proxy Acct',
+    'freeradius_queue'        => 'FreeRADIUS - Queue'
+    );
+foreach ($graphs as $key => $text) {
+    $graph_type            = $key;
+    $graph_array['height'] = '100';
+    $graph_array['width']  = '215';
+    $graph_array['to']     = $config['time']['now'];
+    $graph_array['id']     = $app['app_id'];
+    $graph_array['type']   = 'application_'.$key;
+    echo '<div class="panel panel-default">
+    <div class="panel-heading">
+        <h3 class="panel-title">'.$text.'</h3>
+    </div>
+    <div class="panel-body">
+    <div class="row">';
+    include 'includes/print-graphrow.inc.php';
+    echo '</div>';
+    echo '</div>';
+    echo '</div>';
+}