Munin plugin to monitor Nginx TLS versions

logrotate.conf

/var/log/nginx/misc/ssl.log {
	daily
	missingok
	rotate 0
	notifempty
	create 0640 www-data adm
	sharedscripts
	prerotate
		if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
			run-parts /etc/logrotate.d/httpd-prerotate; \
		fi \
	endscript
	postrotate
		invoke-rc.d nginx rotate >/dev/null 2>&1
	endscript
}

nginx.conf

log_format ssl '$ssl_protocol';
access_log /var/log/nginx/misc/ssl.log ssl;

nginx_tls

#!/bin/bash

if [[ "$1" == "autoconf" ]]
then
	echo "no"
	exit 1
elif [[ "$1" != "config" ]]
then
	sort /var/log/nginx/misc/ssl.log | uniq -c | sort -k 2 | \
	awk '{ k=gensub(/[^a-z0-9_]/, "_", "g", tolower($2)); print k".value "$1; }'
	exit $?
fi

cat << EOF
graph_title Nginx TLS Versions
graph_vlabel Requests per \${graph_period}
graph_args --base 1000 --lower-limit 0
graph_category nginx
graph_total Total
_.label Unencrypted
_.colour COLOUR7
_.draw AREA
_.type DERIVE
_.min 0
tlsv1.label TLSv1.0
tlsv1.colour COLOUR2
tlsv1.draw STACK
tlsv1.type DERIVE
tlsv1.min 0
tlsv1_1.label TLSv1.1
tlsv1_1.colour COLOUR3
tlsv1_1.draw STACK
tlsv1_1.type DERIVE
tlsv1_1.min 0
tlsv1_2.label TLSv1.2
tlsv1_2.colour COLOUR1
tlsv1_2.draw STACK
tlsv1_2.type DERIVE
tlsv1_2.min 0
tlsv1_3.label TLSv1.3
tlsv1_3.colour COLOUR0
tlsv1_3.draw STACK
tlsv1_3.type DERIVE
tlsv1_3.min 0
EOF