Monitoring WireGuard with Prometheus
GitHub user MindFlavor created an exporter for WireGuard that collects metrics from the wg show all dump
command.
https://github.com/MindFlavor/prometheus_wireguard_exporter
Install WireGuard Exporter
You can either compile the exporter from source or use the cargo command to install the exporter. I opted for cargo.
apt-get update
apt-get install cargo
cargo install prometheus_wireguard_exporter
Cargo will download and install everything. Once this was done I copied the prometheus_wireguard_exporter executable to /usr/local/bin/. I’m not 100% positive if this is best practice, if you know a better way shoot me an email.
Once this is all done you should be able to run the exporter and it should show metrics on port 9586. curl http://localhost:9586/metrics
Create a service
[Unit]
Description=Prometheus WireGuard Exporter
Wants=network-online.target
After=network-online.target
[Service]
User=root
Group=root
Type=simple
ExecStart=/usr/local/bin/prometheus_wireguard_exporter -n /etc/wireguard/your_config_file_here.conf
[Install]
WantedBy=multi-user.target
If you add the -n flag make sure you add the friendly name metadata to your peers.
[Peer]
# friendly_name = this is a friendly name
PublicKey = lqYcojJMsIZXMUw1heAFbQHBoKjCEaeo7M1WXDh/KWc=
AllowedIPs = 10.70.0.40/32
Get $200 in cloud credits from DigitalOcean using my link: https://m.do.co/t/909d52b6253a