{"id":15562792,"url":"https://github.com/sonsongithub/f2-210","last_synced_at":"2025-08-02T04:05:41.652Z","repository":{"id":66551715,"uuid":"373904435","full_name":"sonsongithub/F2-210","owner":"sonsongithub","description":"Scripts, documents and config files for F2-210.","archived":false,"fork":false,"pushed_at":"2021-06-13T08:52:56.000Z","size":14,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-29T05:11:19.023Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sonsongithub.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-04T16:43:22.000Z","updated_at":"2023-08-22T11:28:50.000Z","dependencies_parsed_at":null,"dependency_job_id":"199d2cb0-707d-4af0-a29c-92a70798aaf1","html_url":"https://github.com/sonsongithub/F2-210","commit_stats":{"total_commits":3,"total_committers":1,"mean_commits":3.0,"dds":0.0,"last_synced_commit":"77418617dbab999ef9b742104e7dd7c9eafbdc7b"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sonsongithub/F2-210","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonsongithub%2FF2-210","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonsongithub%2FF2-210/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonsongithub%2FF2-210/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonsongithub%2FF2-210/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sonsongithub","download_url":"https://codeload.github.com/sonsongithub/F2-210/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sonsongithub%2FF2-210/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268334007,"owners_count":24233782,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-02T02:00:12.353Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-02T16:16:21.755Z","updated_at":"2025-08-02T04:05:41.589Z","avatar_url":"https://github.com/sonsongithub.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"## F2-210\n\nI bought this NAS, F2-210, for Time machine, that is macOS backup system, but since I don't use Time machine much anymore, I've started using it as a regular file server. Its main use has become a place to store Scratch and captured game videos made by my sons. As a result, As a result, there is a surplus of capacity of the NAS. The F2-210 runs on ARM and on Linux distributed by a company called Terramaster called TOS. TOS has a browser-based GUI, and users can also install Docker to it with the GUI tool.\n\n## Monitoring\n\nI tried to use EdgerouterX to setup VPN. I wanted to have a monitoring system to check for anomaly accesses. So I decided to create a monitoring system for this NAS. Typicall, one can choise nagios and SNMP for monitoring. I don't want to use nagios because of its representaion is very poor.\n\nI have some options.\n\n1. nagios\n2. icinga\n3. zabbix\n4. others\n\nI could find only icinga and nagios docker files on ARM CPU. So, I choose icinga2 for my SNMP agent.\n\n## How to install, icinga2 and graphite\n\nOne has to setup two containers, graphite and icinga2. graphite is needed for visualizing the performace data in a graph on icinga2.\n\n1. [graphite at docker hub](https://hub.docker.com/r/graphiteapp/graphite-statsd/)\n2. [icinga2 at docker hub](https://hub.docker.com/r/jordan/icinga2/)\n\n### command example\n\nicinga2 containrer is made communicate with graphite container via docker network.\n\n```\nNAS\u003e docker pull jordan/icinga2\nNAS\u003e docker pull graphiteapp/graphite-statsd\nNAS\u003e docker run -d --name graphite graphiteapp/graphite-statsd\nNAS\u003e docker run -d -p 8008:80 \\\n    -h icinga2 -t \\\n    --link graphite \\\n    -e ICINGA2_FEATURE_GRAPHITE=true \\\n    -e ICINGA2_FEATURE_GRAPHITE_HOST=graphite \\\n    -e ICINGA2_FEATURE_GRAPHITE_PORT=2003 \\\n    jordan/icinga2:latest\n```\n\n## Check VPN session on EdgeRouterX\n\nIdeally, it would be possible to check the status of the VPN via SNMP, but I could not locate the OID of the VPN. You can check the VPN status of EdgeRouterX with the following command directly.\n\n```\nERX\u003e show vpn ipsec status\nIPSec Process Running PID: XXXX\n\n0 Active IPsec Tunnels\n\nIPsec Interfaces :....\n```\n\nBut, this command can not execute via ssh directy. So, you have to do it with the following codes.\n\n```\nERX\u003e vbash -ic 'show vpn ipsec status'\n```\n\nFinally, you can check how many VPN sessions are established [the following commands](./check_vpn_by_ssh.sh). This script got text from ERX and converts them into a SNMP format.\n\n```\n#!/bin/bash\nresult=$(ssh -q ubnt@192.168.10.1 'vbash -ic \"show vpn ipsec status\"')\ncount=$(echo \"${result}\" | awk '/([0-9]+) Active IPsec Tunnels/{print $1}')\necho \"OK - ${count} users | users=${count}\"\n```\n\n## How to register a public key to ERX\n\n[Link](https://community.ui.com/questions/ssh-authorizedkeys/df244c69-9b9c-4662-93d6-820a5f07b53f)\n\nYou can not edit `~/.ssh/authorized_keys` directly on ERX. You have to use configure command to do it.\n\n```\nERX\u003e configure\nload \u003cusername\u003e id_rsa.pub\nsave\nexit\n```\n\nicinga2 accesses the server as `nagios`. So, you have to copy `id_rsa` into `/var/lib/nagios/.ssh`. And you can send/receive files to/from docker containers using the following command.\n\n```\nNAS\u003e docker cp \u003csource\u003e \u003ccontainer id\u003e:\u003cdestination\u003e\n```\n\n## Set up icinga2 for monitoring VPN sessions\n\nI installed `router.conf` into `/etc/icinga2/conf.d/`, as following,\n\n```\nobject Host \"Router\" {\n  import \"generic-host\"\n  address = \"\u003cIP to ERX\u003e\"\n  vars.category = \"Router\"\n  vars.snmp_community = \"public\"\n  vars.snmp_version = \"2c\"\n}\n\nobject CheckCommand \"VPNSession\" {\n  command = [\"/bin/bash\", \"/var/lib/icinga2/check_vpn_by_ssh.sh\"]\n}\n\napply Service \"VPNSession\" {\n  import \"generic-service\"\n  check_command = \"VPNSession\"\n  assign where host.vars.category == \"Router\"\n}\n```\n\nAnd, you have to restart icinga2.\n\n```\nicinga2\u003e service icinga2 restart\n```\n\nIf you took some mistakes editing configure files, some error messages are displayed after this command.\n\n## Monitor other status\n\nYou have to intall MIB files into the icinga2 container before setting up it. You can locate it on ERX at `/usr/share/snmp/mibs`, so copy them into icinga2's container.\n\nAfter copying them, you have to add a search path to snmp.conf. I copied them into `/usr/share/snmp/private-mibs`. So I edited `/usr/share/snmp/snmp.conf` as follows,\n\n```\n# As the snmp packages come without MIB files due to license reasons, loading\n# of MIBs is disabled by default. If you added the MIBs you can reenable\n# loading them by commenting out the following line.\nMIBDIRS /usr/share/snmp/mibs:/usr/share/snmp/private-mibs\nMIBS all\n```\n\nI added to `router.conf` a following configuration in order to monitor bandwidth of each ethernet port.\n\n```\napply Service \"eth0_rx\" {\n  import \"generic-service\"\n\n  check_command = \"snmp\"\n  vars.snmp_oid = \"1.3.6.1.2.1.31.1.1.1.6.4\"\n  vars.snmp_label = \"eth0_rx\"\n  vars.snmp_rate = true\n  name = \"eth0_rx\"\n  assign where host.vars.category == \"Router\"\n}\n\napply Service \"eth1_rx\" {\n  import \"generic-service\"\n\n  check_command = \"snmp\"\n  vars.snmp_oid = \"1.3.6.1.2.1.31.1.1.1.6.5\"\n  vars.snmp_label = \"eth0_rx\"\n  vars.snmp_rate = true\n  name = \"eth1_rx\"\n  assign where host.vars.category == \"Router\"\n}\n\napply Service \"eth0_tx\" {\n  import \"generic-service\"\n\n  check_command = \"snmp\"\n  vars.snmp_oid = \"1.3.6.1.2.1.31.1.1.1.10.4\"\n  vars.snmp_label = \"eth0_tx\"\n  vars.snmp_rate = true\n  name = \"eth0_tx\"\n  assign where host.vars.category == \"Router\"\n}\n\napply Service \"eth1_tx\" {\n  import \"generic-service\"\n\n  check_command = \"snmp\"\n  vars.snmp_oid = \"1.3.6.1.2.1.31.1.1.1.10.5\"\n  vars.snmp_label = \"eth1_tx\"\n  vars.snmp_rate = true\n  name = \"eth1_tx\"\n  assign where host.vars.category == \"Router\"\n}\n```\n\nI search OID using [this script](https://gist.github.com/nbrownus/dfd8ab05728bbf8ff5993ac0d34eaeb6). \n\n## Customize graphs by graphite \n\nYou can customize graphs in graphite. Like as the following picture,\n\n\u003cimg width=\"736\" alt=\"スクリーンショット 2021-06-13 17 30 29\" src=\"https://user-images.githubusercontent.com/33768/121800492-479e7280-cc6d-11eb-9f06-be104d624103.png\"\u003e\n\nYou can edit properties of a graph by editing `/etc/icingaweb2/modules/graphite/templates/default.ini`. And, editing configure files, `/usr/local/share/icingaweb2/modules/graphite/templates`, you change appearance of graphs.\n\n## References\n\n1. https://community.ui.com/questions/ssh-authorizedkeys/df244c69-9b9c-4662-93d6-820a5f07b53f\n2. https://community.ui.com/questions/Deleting-a-previously-loaded-SSH-auth-key-from-the-config/13fa1c42-a84f-4c9a-b602-d46a294c7c1f\n3. https://community.ui.com/questions/Problem-running-SSH-Putty-script-towards-EdgeRouter/730d2baa-41f1-4a49-89df-b10fa70856d5\n4. https://community.icinga.com/t/how-to-adjust-the-graphite-background-color/3172/4\n5. https://github.com/mlutfy/nagios-plugins/blob/master/check_max_open_files.sh\n6. https://qiita.com/papillon/items/abbb210fa927911f7e33\n7. https://qiita.com/papillon/items/5bb8c4b19382cd8838de\n8. https://techexpert.tips/ja/アイシングア2/icinga2-icmp-モニタリング/\n9. https://techexpert.tips/ja/アイシングア2/icinga2-ウェブサイトのモニタリング/\n10. ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsonsongithub%2Ff2-210","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsonsongithub%2Ff2-210","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsonsongithub%2Ff2-210/lists"}