Skip to content

Prometheus exporter that scrapes currently logged in users on unix systems

License

Notifications You must be signed in to change notification settings

stfsy/prometheus-what-active-users-exporter

Repository files navigation

Active Users Exporter for Prometheus

Npm Version Git tag Github issues License

This is a simple server that scrapes the output of the unix command w. w displays information about the users currently on the machine, and their processes.

Why would you want to do that? This exporter will allow you to monitor who logs into your system. So you can define alarms for unauthorized users, the max. amount of active session or even every active user session. W will also monitor logins via SSH which allows you to track even active remote sessions.

Currently, three metrics are created and exposed:

  • Status of the exporter: what_up{version="x.x.x"} 1
  • Sum of session per user: what_user_sessions_currently_active{user="demo"} 1
  • Single sessions per user: what_each_session_currently_active{user="pip3",ip="192.168.2.107",tty="pts/0"} 1

The exporter was tested on Ubuntu.

Getting Started

Download the binary from the latest release. We currently provide binaries for Linux and Alpine Linux on amd64.

To download latest Linux version and check sha256 sum:

#!/bin/bash

set -ex

declare -r owner="stfsy"
declare -r name="prometheus-what-active-users-exporter"

declare -r latest_release_url=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/${owner}/${name}/releases/latest)
declare -r latest_version=$(echo ${latest_release_url} | awk -F'/' '{print $8}')
declare -r latest_version_name=${name}-${latest_version}-linux-x64

declare -r shasum_url=https://github.com/${owner}/${name}/releases/download/${latest_version}/sha256sums.txt
declare -r binary_url=https://github.com/${owner}/${name}/releases/download/${latest_version}/${latest_version_name}

curl -L ${shasum_url} > shasums256.txt
curl -L ${binary_url} > ${latest_version_name}

declare -r hash_sum_line=$(cat shasums256.txt | grep ${latest_version_name})
declare -r hash_sum=$(echo ${hash_sum_line} | awk -F' ' '{print $1}')

echo "${hash_sum}  ${latest_version_name}" | sha256sum --check --ignore-missing 

mv ${latest_version_name} ${name}
rm shasums256.txt

To run it:

./prometheus-what-active-users-exporter [flags]

Help on flags:

./prometheus-what-active-users-exporter --help

Usage

By default the exporter will start with sensible default values. Configuration can be customized with the following command line flags:

  • --listen.host: default=127.0.0.1
  • --listen.port default=127.0.0.1
  • --metrics.endpoint default=/metrics
  • --metrics.prefix default=what
  • --metrics.with-timestamp default=false
  • --scrape.interval default=5000

⚠️

There's a tradeoff between detecting every single and possibly very short login vs. putting additional load on your system by querying too often. By default, the exporter will query the active sessions every 5s.

Meaning: Login sessions that last less than 5s might no be detected by the exporter. Login sessions that last longer than 5s will be stored.

Building

npx pkg --compress GZip --targets node16-linux-x64,node16-alpine-x64,node16-linuxstatic-x64 lib/index.js

Testing

npm test

TLS and basic authentication

The W exporter does currently not support TLS and basic authentication.

License

This project is distributed under the MIT license.