Skip to content

Commit

Permalink
Add metric to track number ssh connect attempts (#11240)
Browse files Browse the repository at this point in the history
* add ssh connect attempts metric

* fix help message wording

Co-authored-by: Paul Gottschling <[email protected]>
  • Loading branch information
rcanderson23 and ptgott committed Mar 31, 2022
1 parent e2c389b commit 9e205ec
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 3 deletions.
3 changes: 2 additions & 1 deletion docs/pages/setup/reference/metrics.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -132,10 +132,11 @@ Teleport Cloud does not expose monitoring endpoints for the Auth Service and Pro

| Name | Type | Component | Description |
| - | - | - | - |
| `failed_connect_to_node_attempts_total` | counter | Teleport Proxy | Number of times a user failed connecting to a Node. |
| `failed_connect_to_node_attempts_total` | counter | Teleport Proxy | Number of failed SSH connection attempts to a node. Use with `teleport_connect_to_node_attempts_total` to get the failure rate. |
| `failed_login_attempts_total` | counter | Teleport Proxy | Number of failed `tsh login` or `tsh ssh` logins. |
| `proxy_connection_limit_exceeded_total` | counter | Teleport Proxy | Number of connections that exceeded the proxy connection limit. |
| `proxy_missing_ssh_tunnels` | gauge | Teleport Proxy | Number of missing SSH tunnels. Used to debug if nodes have discovered all proxies. |
| `teleport_connect_to_node_attempts_total` | counter | Teleport Proxy | Number of SSH connection attempts to a node. Use with `failed_connect_to_node_attempts_total` to get the failure rate. |
| `teleport_reverse_tunnels_connected` | gauge | Teleport Proxy | Number of reverse SSH tunnels connected to the Teleport Proxy Service by Teleport instances. |

## Teleport Nodes
Expand Down
13 changes: 11 additions & 2 deletions lib/srv/regular/proxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -55,11 +55,19 @@ var ( // failedConnectingToNode counts failed attempts to connect to a node
failedConnectingToNode = prometheus.NewCounter(
prometheus.CounterOpts{
Name: teleport.MetricFailedConnectToNodeAttempts,
Help: "Number of failed attempts to connect to a node",
Help: "Number of failed SSH connection attempts to a node. Use with `teleport_connect_to_node_attempts_total` to get the failure rate.",
},
)

prometheusCollectors = []prometheus.Collector{proxiedSessions, failedConnectingToNode}
connectingToNode = prometheus.NewCounter(
prometheus.CounterOpts{
Namespace: teleport.MetricNamespace,
Name: teleport.MetricConnectToNodeAttempts,
Help: "Number of SSH connection attempts to a node. Use with `failed_connect_to_node_attempts_total` to get the failure rate.",
},
)

prometheusCollectors = []prometheus.Collector{proxiedSessions, failedConnectingToNode, connectingToNode}
)

// proxySubsys implements an SSH subsystem for proxying listening sockets from
Expand Down Expand Up @@ -405,6 +413,7 @@ func (t *proxySubsys) proxyToHost(
AddrNetwork: "tcp",
Addr: serverAddr,
}
connectingToNode.Inc()
conn, err := site.Dial(reversetunnel.DialParams{
From: remoteAddr,
To: toAddr,
Expand Down
3 changes: 3 additions & 0 deletions metrics.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,9 @@ const (
// MetricFailedLoginAttempts counts failed login attempts
MetricFailedLoginAttempts = "failed_login_attempts_total"

// MetricConnectToNodeAttempts counts ssh attempts
MetricConnectToNodeAttempts = "connect_to_node_attempts_total"

// MetricFailedConnectToNodeAttempts counts failed ssh attempts
MetricFailedConnectToNodeAttempts = "failed_connect_to_node_attempts_total"

Expand Down

0 comments on commit 9e205ec

Please sign in to comment.