Skip to content

Metrics

ContainerSSH contains a Prometheus-compatible metrics server which can be enabled using the following configuration:

metrics:
  <options here>

The metrics server has the following options:

Option Type Description
enable bool Enable metrics server. Defaults to false.
path string HTTP path to serve metrics on. Defaults to /metrics.

Additionally, all options in the HTTP server section on the HTTP and TLS page are available. The metrics server defaults to port 9100.

Tip

For an example on configuring Prometheus with mutual TLS authentication see the Prometheus documentation.

Available metrics

You can configure Prometheus to grab the following metrics:

containerssh_config_server_requests_total
Number of requests to the configuration server since start.
containerssh_config_server_failures_total
Number of failed requests to the configuration server since start.
containerssh_backend_requests_total
Number of requests to the backend (docker, kubernetes etc) since start.
containerssh_backend_errors_total
Number of failed requests to the backend (docker, kubernetes etc) since start.
containerssh_auth_server_requests_total
Number of requests to the authentication server since start.
containerssh_auth_server_failures_total
Number of failed requests to the authentication server since start.
containerssh_auth_success_total
Number of successful authentications since start. Contains labels for authtype (password, pubkey etc) and country (see below).
containerssh_auth_failures_total
Number of failed authentications since start. Contains labels for authtype (password, pubkey etc) and country (see below).
containerssh_ssh_connections_total
Number of SSH connections since start. Contains a label for country (see below).
containerssh_ssh_current_connections
Number of currently active SSH connections. Contains a label for country (see below).
containerssh_ssh_successful_handshakes_total
Number of successful SSH handshakes since start. Contains a label for country (see below).
containerssh_ssh_failed_handshakes_total
Number of failed SSH handshakes since start. Contains a label for country (see below).

Country identification

Country identification works using GeoIP2 or GeoLite2 from MaxMind. This database needs to be provided to ContainerSSH externally due to licensing concerns.

The default path for the GeoIP database is /var/lib/GeoIP/GeoIP2-Country.mmdb, but you can change that using the following configuration snippet:

geoip:
  provider: "maxmind"
  maxmind-geoip2-file: '/var/lib/GeoIP/GeoIP2-Country.mmdb'