Monitoring WireGuard with Prometheus

GitHub user MindFlavor created an exporter for WireGuard that collects metrics from the wg show all dump command.

https://github.com/MindFlavor/prometheus_wireguard_exporter

Install WireGuard Exporter

You can either compile the exporter from source or use the cargo command to install the exporter. I opted for cargo.

apt-get update

apt-get install cargo

cargo install prometheus_wireguard_exporter

Cargo will download and install everything. Once this was done I copied the prometheus_wireguard_exporter executable to /usr/local/bin/. I’m not 100% positive if this is best practice, if you know a better way shoot me an email.

Once this is all done you should be able to run the exporter and it should show metrics on port 9586. curl http://localhost:9586/metrics

Create a service

[Unit]
Description=Prometheus WireGuard Exporter
Wants=network-online.target
After=network-online.target

[Service]
User=root
Group=root
Type=simple
ExecStart=/usr/local/bin/prometheus_wireguard_exporter -n /etc/wireguard/your_config_file_here.conf

[Install]
WantedBy=multi-user.target

If you add the -n flag make sure you add the friendly name metadata to your peers.

[Peer]
# friendly_name = this is a friendly name
PublicKey = lqYcojJMsIZXMUw1heAFbQHBoKjCEaeo7M1WXDh/KWc=
AllowedIPs = 10.70.0.40/32

Get $200 in cloud credits from DigitalOcean using my link: https://m.do.co/t/909d52b6253a