ContextQMD
Back to Telegraf

Tacacs Input Plugin

plugins/inputs/tacacs/README.md

1.38.33.4 KB
Original Source

Tacacs Input Plugin

This plugin collects metrics on Terminal Access Controller Access Control System authentication requests like response status and response time from servers such as Aruba ClearPass, FreeRADIUS or TACACS+.

The plugin is primarily meant to monitor how long it takes for the server to fully handle an authentication request, including all potential dependent calls (for example to AD servers, or other sources of truth).

⭐ Telegraf v1.28.0 🏷️ network 💻 all

Global configuration options <!-- @/docs/includes/plugin_config.md -->

Plugins support additional global and plugin configuration settings for tasks such as modifying metrics, tags, and fields, creating aliases, and configuring plugin ordering. See CONFIGURATION.md for more details.

Secret-store support

This plugin supports secrets from secret-stores for the username, password and secret option. See the secret-store documentation for more details on how to use them.

Configuration

toml
# Tacacs plugin collects successful tacacs authentication response times.
[[inputs.tacacs]]
  ## An array of Server IPs (or hostnames) and ports to gather from. If none specified, defaults to localhost.
  # servers = ["127.0.0.1:49"]

  ## Request source server IP, normally the server running telegraf.
  # request_ip = "127.0.0.1"

  ## Credentials for tacacs authentication.
  username = "myuser"
  password = "mypassword"
  secret = "mysecret"

  ## Maximum time to receive response.
  # response_timeout = "5s"

Metrics

  • tacacs
    • tags:
      • source
    • fields:

field response_status

The field "response_status" is either a translated raw code returned by the tacacs server, or filled by telegraf in case of a timeout.

Field ValueRaw CodeFromresponsetime_ms
AuthenStatusPass1 (0x1)tacacs serverreal value
AuthenStatusFail2 (0x2)tacacs serverreal value
AuthenStatusGetData3 (0x3)tacacs serverreal value
AuthenStatusGetUser4 (0x4)tacacs serverreal value
AuthenStatusGetPass5 (0x5)tacacs serverreal value
AuthenStatusRestart6 (0x6)tacacs serverreal value
AuthenStatusError7 (0x7)tacacs serverreal value
AuthenStatusFollow33 (0x21)tacacs serverreal value
TimeoutTimeouttelegrafeq. to response_timeout

field responsetime_ms

The field responsetime_ms is response time of the tacacs server in milliseconds of the furthest achieved stage of auth. In case of timeout, its filled by telegraf to be the value of the configured response_timeout.

Example Output

text
tacacs,source=127.0.0.1:49 responsetime_ms=311i,response_status="AuthenStatusPass" 1677526200000000000