zabbix_export: version: '6.0' date: '2021-11-21T21:42:34Z' groups: - uuid: 7df96b18c230490a9a0a9e2307226338 name: Templates templates: - uuid: 79a17497527540a1a6ac005358b21769 template: 'App WireGuard' name: 'App WireGuard' description: | ## Overview Hi, I tried to create a template to monitor WireGuard with Zabbix. WireGuard does not really provide any monitoring tool so I had to do with "wg show" commands. It's probably not perfect so if you want to help I'm interested. Template provides 2 discovery rules : Interfaces Discovery (wg0, wg1...) : - Items to get active peers, total peers, port used and check firewall mark. - Triggers to check changes on port, fwmark and numbers of clients. - Graph to monitor active and total peers (even if connections are never released by WG once established). Peers Discovery (based on public key) : I had to truncate keys to 10 characters for easy reading. It should not be a problem because they're random. - Items to get for each endpoint : allowed IPs, IP address, port used, incoming/outgoing traffic, keepalive status and the last handshake. - Triggers to track changes on allowed IPs, connection port, IP address, keeaplive status and to monitor high traffic and unreachable endpoint. - Graph to monitor incoming/outgoing network traffic. This template may work with previous versions of Zabbix but it was tested for Zabbix 4.0 on a Debian 9.6 server. Please follow the link for instructions and files. Have fun ! ## Author Cryptage21 groups: - name: Templates discovery_rules: - uuid: be8ca3bb13df498da30b4a5b2f22c28c name: 'WireGuard Interfaces Discovery' key: 'wg.list.discovery[INTERFACES]' delay: 3600s item_prototypes: - uuid: 75dd597db688410d954a66924a526d74 name: 'Firewall mark enabled on {#WGINTERFACE}' key: 'wg.fw.mark[{#WGINTERFACE}]' delay: 60m history: 7d trends: 7d preprocessing: - type: BOOL_TO_DECIMAL parameters: - '' tags: - tag: Application value: Wireguard trigger_prototypes: - uuid: 493f05bf32164660b8f1e6759290fa32 expression: '(last(/App WireGuard/wg.fw.mark[{#WGINTERFACE}],#1)<>last(/App WireGuard/wg.fw.mark[{#WGINTERFACE}],#2))=1' name: 'Firewall mark changed on {#WGINTERFACE} {HOST.NAME} VPN' priority: WARNING - uuid: c762c7002fcd48b18a998d4fcfff6c22 name: 'Active peers on {#WGINTERFACE}' key: 'wg.peers.connected[{#WGINTERFACE}]' delay: 15m history: 30d tags: - tag: Application value: Wireguard trigger_prototypes: - uuid: e78691bac8f9489e8cc8613dbd468a24 expression: 'change(/App WireGuard/wg.peers.connected[{#WGINTERFACE}])<=-1' name: 'Less clients connected on {#WGINTERFACE} {HOST.NAME} VPN' priority: INFO - uuid: b1f4069af14c449ba6c044ff26ead43e expression: 'change(/App WireGuard/wg.peers.connected[{#WGINTERFACE}])>=1' name: 'More clients connected on {#WGINTERFACE} {HOST.NAME} VPN' priority: INFO - uuid: ab329453d2ee4c80b5f017a5962527e6 name: 'Total peers on {#WGINTERFACE}' key: 'wg.peers.count[{#WGINTERFACE}]' delay: 30m history: 7d trends: 30d tags: - tag: Application value: Wireguard trigger_prototypes: - uuid: 95b3fd3741fa47fdb4fdf58835c9c964 expression: 'change(/App WireGuard/wg.peers.count[{#WGINTERFACE}])>=1' name: 'Peers added on {#WGINTERFACE} {HOST.NAME} VPN' priority: INFO - uuid: 1c7930d6db89487098d8cf538952ca33 expression: 'change(/App WireGuard/wg.peers.count[{#WGINTERFACE}])<=-1' name: 'Peers removed on {#WGINTERFACE} {HOST.NAME} VPN' priority: INFO - uuid: 4621470512a84cb5987b9094a21af438 name: 'Port used on {#WGINTERFACE}' key: 'wg.port.used[{#WGINTERFACE}]' delay: 60m history: 7d trends: 7d value_type: FLOAT preprocessing: - type: TRIM parameters: - '8' tags: - tag: Application value: Wireguard trigger_prototypes: - uuid: f46ae7014bbc42bd9f7638987a597f59 expression: '(last(/App WireGuard/wg.port.used[{#WGINTERFACE}],#1)<>last(/App WireGuard/wg.port.used[{#WGINTERFACE}],#2))=1' name: 'Connection port changed on {#WGINTERFACE} {HOST.NAME} VPN' priority: WARNING graph_prototypes: - uuid: 1c1b0bae49a94cda976700c53465f3ed name: 'Peers on [{#WGINTERFACE}] VPN' graph_items: - color: 199C0D item: host: 'App WireGuard' key: 'wg.peers.connected[{#WGINTERFACE}]' - sortorder: '1' color: F63100 item: host: 'App WireGuard' key: 'wg.peers.count[{#WGINTERFACE}]' - uuid: 6a8f8deac58143cc8e019e5ffbd25c65 name: 'WireGuard Peers Discovery' key: 'wg.list.discovery[PEERS]' delay: 3600s item_prototypes: - uuid: 8cf4aeaf8c3a48b3a5ca6c21e87c9f9e name: 'Endpoint IP address for peer {#PEER}... on {#INTERFACE}' key: 'wg.endpoint.address[{#PEER}]' delay: 15m history: 30d trends: '0' value_type: TEXT tags: - tag: Application value: Wireguard trigger_prototypes: - uuid: a656c2ab7b88448889f4094c5d748be5 expression: '(last(/App WireGuard/wg.endpoint.address[{#PEER}],#1)<>last(/App WireGuard/wg.endpoint.address[{#PEER}],#2))=1' name: 'IP address changed for {#PEER}... peer on {HOST.NAME}' priority: INFO - uuid: 783a5877b8c342daae847477739cd771 name: 'Allowed IPs for peer {#PEER}... on {#INTERFACE}' key: 'wg.endpoint.allowedips[{#PEER}]' delay: 30m history: 7d trends: '0' value_type: TEXT tags: - tag: Application value: Wireguard trigger_prototypes: - uuid: d285e7ae58f44081a7bf851f9db448d8 expression: '(last(/App WireGuard/wg.endpoint.allowedips[{#PEER}],#1)<>last(/App WireGuard/wg.endpoint.allowedips[{#PEER}],#2))=1' name: 'Allowed IPs list altered for {#PEER}... peer on {HOST.NAME}' priority: HIGH - uuid: 032552bb30df4e4f8af2f63d960f104a name: 'Last handshake for peer {#PEER}... on {#INTERFACE}' key: 'wg.endpoint.handshake[{#PEER}]' delay: 10m history: 7d trends: 7d units: unixtime tags: - tag: Application value: Wireguard trigger_prototypes: - uuid: 388694f27d284544b788929982cfd9e8 expression: 'fuzzytime(/App WireGuard/wg.endpoint.handshake[{#PEER}],1800s)=0' name: 'Unreachable {#PEER}... peer on {HOST.NAME} for 30 minutes' priority: HIGH - uuid: 875bb5ba5f3145f6a0e23504e11420bb name: 'Keepalive enabled for peer {#PEER}... on {#INTERFACE}' key: 'wg.endpoint.keepalive[{#PEER}]' delay: 30m history: 7d trends: 30d preprocessing: - type: BOOL_TO_DECIMAL parameters: - '' tags: - tag: Application value: Wireguard trigger_prototypes: - uuid: 1f1371813ee44726b2e2b3fd56af8781 expression: '(last(/App WireGuard/wg.endpoint.keepalive[{#PEER}],#1)<>last(/App WireGuard/wg.endpoint.keepalive[{#PEER}],#2))=1' name: 'Keepalived changed for {#PEER}... peer on {HOST.NAME}' priority: WARNING - uuid: 9ebc76c4ae154902b6eb4ac830ca5d8e name: 'Endpoint port for peer {#PEER}... on {#INTERFACE}' key: 'wg.endpoint.port[{#PEER}]' delay: 15m history: 7d trends: 7d tags: - tag: Application value: Wireguard trigger_prototypes: - uuid: e7e28c52ec8c4e8e81fd06e69f0bb863 expression: '(last(/App WireGuard/wg.endpoint.port[{#PEER}],#1)<>last(/App WireGuard/wg.endpoint.port[{#PEER}],#2))=1' name: 'Connection port changed for {#PEER}... peer on {HOST.NAME}' priority: INFO - uuid: 8f53ee0822eb413b95ac278113249356 name: 'Incoming traffic for peer {#PEER}... on {#INTERFACE}' key: 'wg.endpoint.transferdown[{#PEER}]' delay: 5m history: 30d units: bps preprocessing: - type: SIMPLE_CHANGE parameters: - '' tags: - tag: Application value: Wireguard trigger_prototypes: - uuid: 6ea849155bc14e5993fa6eed084f3fa0 expression: 'change(/App WireGuard/wg.endpoint.transferdown[{#PEER}])>52428800' name: 'High incoming traffic for {#PEER}... peer on {HOST.NAME}' priority: AVERAGE - uuid: 581a86400c8440d78c5c2af13dccfa95 name: 'Outgoing traffic for peer {#PEER}... on {#INTERFACE}' key: 'wg.endpoint.transferup[{#PEER}]' delay: 5m history: 30d units: bps preprocessing: - type: SIMPLE_CHANGE parameters: - '' tags: - tag: Application value: Wireguard trigger_prototypes: - uuid: 0f3b8e3ecf1046829cae5298484d3ec3 expression: 'change(/App WireGuard/wg.endpoint.transferup[{#PEER}])>52428800' name: 'High outgoing traffic for {#PEER}... peer on {HOST.NAME}' priority: AVERAGE graph_prototypes: - uuid: d978b7d97e5543dbb534e1b97a82d16b name: 'Network traffic for {#INTERFACE}-{#PEER} peer' graph_items: - color: 199C0D item: host: 'App WireGuard' key: 'wg.endpoint.transferdown[{#PEER}]' - sortorder: '1' color: F63100 item: host: 'App WireGuard' key: 'wg.endpoint.transferup[{#PEER}]'