Expose Prometheus metrics with ocserv-exporter
Author: Florian Domain
Scope
This recipe provides step by step instructions on how to run and scrape ocserv-exporter from a Prometheus instance. This exporter allows to gather various metrics on ocserv (number of connected users, failed authentication attempts, etc...).
Platforms used for testing
This recipe was tested on the following platforms:
- CentOS 8 on amd64 architecture
Prerequisites
- ocserv with occtl enabled (
use-occtl = true
in the configuration) - a Prometheus instance (refer to the official documentation for its installation)
Assumptions
This recipe assumes the reader has a basic understanding of a GNU/linux system and all commands are run from a privileged user. It is recommended to login the system using root. If not possible, execute "su root" or "sudo -s" to get highest privileges. The ocserv-exporter must run on the same system as ocserv.
Installation
- Download the latest release of ocserv-exporter from ocserv server:
curl -LO https://github.com/criteo/ocserv-exporter/releases/download/vx.x.x/ocserv-exporter_x.x.x_linux_amd64.tar.gz
- Extract the archive:
tar xvf ocserv-exporter_x.x.x_linux_amd64.tar.gz
- Run the exporter
./ocserv-exporter -listen 0.0.0.0:8300
- Check that you can get the metrics from the exporter
curl -S http://127.0.0.1:8300/metrics
- On the Prometheus instance, add the following block in the
scrape_configs
section of the configuration:scrape_configs: - job_name: 'ocserv-exporter' scrape_interval: 30s static_configs: - targets: - x.x.x.x:8300 # The ocserv exporter's real ip:port metrics_path: /metrics
- Restart Prometheus, ocserv-exporter metrics must have been scraped and available from the UI