dsgnr/wireguard_connection_monitor.sh

## wireguard_connection_monitor.sh
#!/bin/bash

# Configuration Variables
threshold=300 # 5 minutes in seconds.. anything below that means user connected, anything above means disconnected.
connection_info_file=/var/log/wireguard/connected_clients.info
log_file=/var/log/wireguard/wireguard.log
slack_notify=yes
SLACK_CHANNEL="#channel"
SLACK_USERNAME="WireGuard"
SLACK_WEBHOOK_URL="https://hooks.slack.com/services/api_token"

notify() {
    user=$1
    endpoint=$2
    durationMsg=$3
    msgType=$4
    local color='good'
    if [ $msgType == 'Connected' ]; then
        color='success'
    elif [ $msgType == 'Disconnected' ]; then
        color = 'warning'
    fi

    payload="{
        \"channel\": \"$SLACK_CHANNEL\",
        \"username\": \"$SLACK_USERNAME\",
        \"color\": \"$color\",
        \"text\": \"Wireguard Connection Notification\",
        \"blocks\": [
            {
                \"type\": \"rich_text\",
                \"elements\": [
                    {
                        \"type\": \"rich_text_section\",
                        \"elements\": [
                            {
                                \"type\": \"text\",
                                \"text\": \"Wireguard Connection Notification\"
                            }
                        ]
                    },
                    {
                        \"type\": \"rich_text_preformatted\",
                        \"elements\": [
                            {
                                \"type\": \"text\",
                                \"text\": \"User: $user\nRemote Host: $endpoint\nEvent Type: $msgType\nEvent Time: $durationMsg\nDate: `date`\nHostname: `hostname -f`\nServer: `uname -a`\"

                            }
                        ]
                    }
                ]
            }
        ]
    }"
    curl -X POST -H "Content-type: application/json" --data "$payload" $SLACK_WEBHOOK_URL

}

mkdir -p /var/log/wireguard/
echo "`date` -- Wireguard Logging Service Started" >> /var/log/wireguard/wireguard-service.log
while [ 1 ]
do
        wgout=`wg | sed -n '/^peer/,/^$/p'`
        if [ ! -z "$wgout" ];then
                echo $wgout | sed 's/peer/\npeer/g' | grep -v '^$'| while read word; do
                #echo "-------------------------------------------"
                #echo "word: $word"
                #echo "-------------------------------------------"
                endpoint=`echo $word | grep -o 'endpoint:\s\+\S*\W' | awk -F':' {'print $2'} | tr -d ' '`
                peer=`echo $word | grep -o 'peer:\s\+\S*\W' | awk -F':' {'print $2'} | tr -d ' '`
                days=`echo $word | grep -oE "[0-9]{1,3} day" | awk {'print $1'}`
                hours=`echo $word | grep -oE "[0-9]{1,2} hour" | awk {'print $1'}`
                minutes=`echo $word | grep -oE "[0-9]{1,2} minute" | awk {'print $1'}`
                seconds=`echo $word | grep -oE "[0-9]{1,2} second" | awk {'print $1'}`
                #endpoint=`echo $word  | awk -F' |:' {'print $6'}`
                durationMessage=''
                continue=true
                if [ ! -z $days ];then
                        day_seconds=$(($days*24*60*60*60))
                        durationMessage+="$days Day(s),"
                        continue=false
                fi
                if [ ! -z $hours ];then
                        hour_seconds=$((hours*60*60))
                        durationMessage+="$hours Hour(s), "
                        continue=false
                fi

                if [ ! -z $minutes ];then
                        minute_seconds=$((minutes*60))
                        durationMessage+="$minutes minute(s), "
                        continue=false
                fi

                if [ ! -z $seconds ];then
                        second_seconds=$((seconds))
                        durationMessage+="$seconds second(s) ago"
                        continue=false
                fi

                if [ $continue == "true" ];then
                    continue
                fi

                duration=$((hour_seconds + minute_seconds + second_seconds))
                user=`grep ${peer} /etc/wireguard/wg0.conf | awk -F' ' {'print $5'}`
                echo "User: $user , Duration: $duration, Peer: $peer, IP: $endpoint, Threshold: $threshold"
                if [ $duration -le $threshold ];then
                        touch ${connection_info_file} ${log_file}
                        grep -i $user[[:space:]] ${connection_info_file} >> /dev/null
                        if [ $? -ne 0 ];then
                                echo "`date` - $user connected" >> ${connection_info_file}
                                echo "`date` - User $user connected from $endpoint $durationMessage" >> ${log_file}
				if [ "$slack_notify" == "yes" ];then
                                	notify "$user" "$endpoint" "$durationMessage" "Connected"
				fi

                        fi
                elif [ $duration -gt $threshold ];then
                        touch ${connection_info_file} ${log_file}
                        grep -i $user[[:space:]] ${connection_info_file} >> /dev/null
                        if [ $? -eq 0 ];then
                                sed -i "/$user/d" ${connection_info_file}
                                echo "`date` - User $user $endpoint disconnected $durationMessage" >> ${log_file}
                                if [ "$slack_notify" == "yes" ];then
                                	notify "$user" "$endpoint" "$durationMessage" "Disconnected"
                                fi

                        fi
                fi
                done
        fi
        sleep 10
done
	#!/bin/bash

	# Configuration Variables
	threshold=300 # 5 minutes in seconds.. anything below that means user connected, anything above means disconnected.
	connection_info_file=/var/log/wireguard/connected_clients.info
	log_file=/var/log/wireguard/wireguard.log
	slack_notify=yes
	SLACK_CHANNEL="#channel"
	SLACK_USERNAME="WireGuard"
	SLACK_WEBHOOK_URL="https://hooks.slack.com/services/api_token"

	notify() {
	user=$1
	endpoint=$2
	durationMsg=$3
	msgType=$4
	local color='good'
	if [ $msgType == 'Connected' ]; then
	color='success'
	elif [ $msgType == 'Disconnected' ]; then
	color = 'warning'
	fi

	payload="{
	\"channel\": \"$SLACK_CHANNEL\",
	\"username\": \"$SLACK_USERNAME\",
	\"color\": \"$color\",
	\"text\": \"Wireguard Connection Notification\",
	\"blocks\": [
	{
	\"type\": \"rich_text\",
	\"elements\": [
	{
	\"type\": \"rich_text_section\",
	\"elements\": [
	{
	\"type\": \"text\",
	\"text\": \"Wireguard Connection Notification\"
	}
	]
	},
	{
	\"type\": \"rich_text_preformatted\",
	\"elements\": [
	{
	\"type\": \"text\",
	\"text\": \"User: $user\nRemote Host: $endpoint\nEvent Type: $msgType\nEvent Time: $durationMsg\nDate: `date`\nHostname: `hostname -f`\nServer: `uname -a`\"

	}
	]
	}
	]
	}
	]
	}"
	curl -X POST -H "Content-type: application/json" --data "$payload" $SLACK_WEBHOOK_URL

	}

	mkdir -p /var/log/wireguard/
	echo "`date` -- Wireguard Logging Service Started" >> /var/log/wireguard/wireguard-service.log
	while [ 1 ]
	do
	wgout=`wg \| sed -n '/^peer/,/^$/p'`
	if [ ! -z "$wgout" ];then
	echo $wgout \| sed 's/peer/\npeer/g' \| grep -v '^$'\| while read word; do
	#echo "-------------------------------------------"
	#echo "word: $word"
	#echo "-------------------------------------------"
	endpoint=`echo $word \| grep -o 'endpoint:\s\+\S*\W' \| awk -F':' {'print $2'} \| tr -d ' '`
	peer=`echo $word \| grep -o 'peer:\s\+\S*\W' \| awk -F':' {'print $2'} \| tr -d ' '`
	days=`echo $word \| grep -oE "[0-9]{1,3} day" \| awk {'print $1'}`
	hours=`echo $word \| grep -oE "[0-9]{1,2} hour" \| awk {'print $1'}`
	minutes=`echo $word \| grep -oE "[0-9]{1,2} minute" \| awk {'print $1'}`
	seconds=`echo $word \| grep -oE "[0-9]{1,2} second" \| awk {'print $1'}`
	#endpoint=`echo $word \| awk -F' \|:' {'print $6'}`
	durationMessage=''
	continue=true
	if [ ! -z $days ];then
	day_seconds=$(($days24606060))
	durationMessage+="$days Day(s),"
	continue=false
	fi
	if [ ! -z $hours ];then
	hour_seconds=$((hours6060))
	durationMessage+="$hours Hour(s), "
	continue=false
	fi

	if [ ! -z $minutes ];then
	minute_seconds=$((minutes*60))
	durationMessage+="$minutes minute(s), "
	continue=false
	fi

	if [ ! -z $seconds ];then
	second_seconds=$((seconds))
	durationMessage+="$seconds second(s) ago"
	continue=false
	fi

	if [ $continue == "true" ];then
	continue
	fi

	duration=$((hour_seconds + minute_seconds + second_seconds))
	user=`grep ${peer} /etc/wireguard/wg0.conf \| awk -F' ' {'print $5'}`
	echo "User: $user , Duration: $duration, Peer: $peer, IP: $endpoint, Threshold: $threshold"
	if [ $duration -le $threshold ];then
	touch ${connection_info_file} ${log_file}
	grep -i $user[[:space:]] ${connection_info_file} >> /dev/null
	if [ $? -ne 0 ];then
	echo "`date` - $user connected" >> ${connection_info_file}
	echo "`date` - User $user connected from $endpoint $durationMessage" >> ${log_file}
	if [ "$slack_notify" == "yes" ];then
	notify "$user" "$endpoint" "$durationMessage" "Connected"
	fi

	fi
	elif [ $duration -gt $threshold ];then
	touch ${connection_info_file} ${log_file}
	grep -i $user[[:space:]] ${connection_info_file} >> /dev/null
	if [ $? -eq 0 ];then
	sed -i "/$user/d" ${connection_info_file}
	echo "`date` - User $user $endpoint disconnected $durationMessage" >> ${log_file}
	if [ "$slack_notify" == "yes" ];then
	notify "$user" "$endpoint" "$durationMessage" "Disconnected"
	fi

	fi
	fi
	done
	fi
	sleep 10
	done