swanctl --list-something --json please? #493
Comments
You can just use the python egg or ruby gem to communicate programmatically over VICI socket.
Actually I don't want to replace swanctl by my own tool. swanctl is already made for monitoring. Supporting json would make it more useful.
No, swanctl is not made for monitoring. It's just a configuration tool. Its --raw and --pretty modes are just for printing all the information in a "good" format. It's not made for text scraping or anything else other than usage by a human.
Please check the man page:
Is there any news on this topic? @Thermi As you know I work with OpenWrt and would like to add a status page to LuCI for strongswan. Why is the output not in json?
Then use the machine-readable VICI interface directly via one of the available bindings. The output of
While it does look similar to JSON, it's just a simple text representation of the VICI messages (with
The bindings are suboptimal for a pure monitoring purpose. But the main thing is to have something. One thing is that the main tooling does not directly rely on those other languages and so the daemon might work fine yet no python (the only one I can talk about) would be installed. Especially if you think appliances, like pfSense etc. (besides from good FreeSWAN intro at CCC camp in 1999 that's my only touch point), where you utterly need to have monitoring. And it should not break on upgrades due to missing dependencies etc. A clean route would be to have an SNMP MIB extension and subagent, so the perl route in theory. In practice, that is, idk, 50-100 times the effort of making a monitoring plugin that can screenscrape something. So even for the non-monitoring case of pure debugging, the current state is endangering the vpn admin while they're debugging. (I suppose Linux people can solve this by plugging into something that has external connection handling, i.e. NetworkManager) So the question is what's achievable. If I try to make a more actionable interpretation of what you wrote, the best option would be to develop / contribute a C based tool ( A person debugging would need to run it in a second session and could get quasi-live status updates. The bad thing is that VPN connections usually are fatally important, so any frontend would need to be well-designed. What seems possible, at the moment, within reach of less professional contributors:
That would bring
footnote:
@FlorianHeigl Thank you for your detailed explanation. We have not been idle and have written a small tool that outputs the data as they are as json via the VICI socket. The small tool uses the davici library. That would be just the beginning. We still need to understand more about how IPsec works.
Would it be possible to get json formatted output for swanctl --list-sas and others as well? It doesn't have to be fancy. A big one-liner similar to --raw would be sufficient. This would make it much easier to process the output of various swanctl options for monitoring, using standard tools like jq or the json modules of perl and python, for example.
Thanx in advance
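
The approach suggested in the thread, as an added example (not code from this thread or from the strongSwan project): one JSON line per IKE SA, produced through the Python VICI binding and suitable for piping to jq. It assumes the `vici` Python package is installed and the caller may open the default charon socket; the helper names and the sample message are constructed for illustration.

```python
import json
from collections import OrderedDict


def _text(value):
    # VICI values arrive as bytes; decode without ever raising on odd input.
    if isinstance(value, bytes):
        return value.decode("utf-8", errors="backslashreplace")
    return str(value)


def to_jsonable(value):
    """Recursively turn a VICI message (dicts, lists, bytes) into JSON types."""
    if isinstance(value, dict):
        return {_text(k): to_jsonable(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [to_jsonable(v) for v in value]
    return _text(value)


def sas_to_json(sas):
    """Render an iterable of list-sas messages as one JSON string per IKE SA."""
    return [json.dumps(to_jsonable(sa), sort_keys=True) for sa in sas]


def list_sas_json():
    """Query the running daemon over its default VICI socket."""
    import vici  # imported lazily so the converter is usable without it
    return sas_to_json(vici.Session().list_sas())


# Constructed sample in the shape list_sas() yields (not real daemon output).
SAMPLE = [OrderedDict([("home", OrderedDict([
    ("uniqueid", b"1"),
    ("state", b"ESTABLISHED"),
    ("remote-host", b"192.0.2.10"),
    ("child-sas", OrderedDict([("home-1", OrderedDict([
        ("state", b"INSTALLED"),
        ("local-ts", [b"10.0.0.0/24"]),
    ]))])),
]))])]

if __name__ == "__main__":
    try:
        lines = list_sas_json()
    except (ImportError, OSError):
        lines = sas_to_json(SAMPLE)  # fall back to the constructed sample
    print("\n".join(lines))
```

The VICI socket is normally restricted to root, so a monitoring job using this needs a deliberate decision about who may read it rather than loosened socket permissions.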