tacacs

package
v1.35.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 16, 2025 License: MIT Imports: 13 Imported by: 0

README

Tacacs Input Plugin

This plugin collects metrics on Terminal Access Controller Access Control System authentication requests like response status and response time from servers such as Aruba ClearPass, FreeRADIUS or TACACS+.

The plugin is primarily meant to monitor how long it takes for the server to fully handle an authentication request, including all potential dependent calls (for example to AD servers, or other sources of truth).

⭐ Telegraf v1.28.0 🏷️ network 💻 all

Global configuration options

In addition to the plugin-specific configuration settings, plugins support additional global and plugin configuration settings. These settings are used to modify metrics, tags, and field or create aliases and configure ordering, etc. See the CONFIGURATION.md for more details.

Secret-store support

This plugin supports secrets from secret-stores for the username, password and secret option. See the secret-store documentation for more details on how to use them.

Configuration

# Tacacs plugin collects successful tacacs authentication response times.
[[inputs.tacacs]]
  ## An array of Server IPs (or hostnames) and ports to gather from. If none specified, defaults to localhost.
  # servers = ["127.0.0.1:49"]

  ## Request source server IP, normally the server running telegraf.
  # request_ip = "127.0.0.1"

  ## Credentials for tacacs authentication.
  username = "myuser"
  password = "mypassword"
  secret = "mysecret"

  ## Maximum time to receive response.
  # response_timeout = "5s"

Metrics

  • tacacs
    • tags:
      • source
    • fields:
field response_status

The field "response_status" is either a translated raw code returned by the tacacs server, or filled by telegraf in case of a timeout.

Field Value Raw Code From responsetime_ms
AuthenStatusPass 1 (0x1) tacacs server real value
AuthenStatusFail 2 (0x2) tacacs server real value
AuthenStatusGetData 3 (0x3) tacacs server real value
AuthenStatusGetUser 4 (0x4) tacacs server real value
AuthenStatusGetPass 5 (0x5) tacacs server real value
AuthenStatusRestart 6 (0x6) tacacs server real value
AuthenStatusError 7 (0x7) tacacs server real value
AuthenStatusFollow 33 (0x21) tacacs server real value
Timeout Timeout telegraf eq. to response_timeout
field responsetime_ms

The field responsetime_ms is response time of the tacacs server in milliseconds of the furthest achieved stage of auth. In case of timeout, its filled by telegraf to be the value of the configured response_timeout.

Example Output

tacacs,source=127.0.0.1:49 responsetime_ms=311i,response_status="AuthenStatusPass" 1677526200000000000

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Tacacs 

type Tacacs struct {
	Servers         []string        `toml:"servers"`
	Username        config.Secret   `toml:"username"`
	Password        config.Secret   `toml:"password"`
	Secret          config.Secret   `toml:"secret"`
	RequestAddr     string          `toml:"request_ip"`
	ResponseTimeout config.Duration `toml:"response_timeout"`
	Log             telegraf.Logger `toml:"-"`
	// contains filtered or unexported fields
}

func (*Tacacs) Gather 

func (t *Tacacs) Gather(acc telegraf.Accumulator) error

func (*Tacacs) Init 

func (t *Tacacs) Init() error

func (*Tacacs) SampleConfig 

func (*Tacacs) SampleConfig() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.