Monitoring WireGuard with Prometheus

GitHub user MindFlavor created an exporter for WireGuard that collects metrics from the wg show all dump command.

Install WireGuard Exporter

You can either compile the exporter from source or use the cargo command to install the exporter. I opted for cargo.

apt-get update

apt-get install cargo

cargo install prometheus_wireguard_exporter

Cargo will download and install everything. Once this was done I copied the prometheus_wireguard_exporter executable to /usr/local/bin/. I’m not 100% positive if this is best practice, if you know a better way shoot me an email.

Once this is all done you should be able to run the exporter and it should show metrics on port 9586. curl http://localhost:9586/metrics

Create a service

Description=Prometheus WireGuard Exporter

ExecStart=/usr/local/bin/prometheus_wireguard_exporter -n /etc/wireguard/your_config_file_here.conf


If you add the -n flag make sure you add the friendly name metadata to your peers.

# friendly_name = this is a friendly name
PublicKey = lqYcojJMsIZXMUw1heAFbQHBoKjCEaeo7M1WXDh/KWc=
AllowedIPs =

Get $200 in cloud credits from DigitalOcean using my link: