Monitoring OpenWRT devices with Prometheus

· 2 min read

I want to access metrics of my OpenWRT networking equipment in my Prometheus/Grafana setup. Luckily, there are OpenWRT packages for exporters that provide Prometheus endpoints directly on the device and require no external services.

To enable Prometheus monitoring on the OpenWRT device, I install the corresponding exporter packages, e.g. via SSH:

ssh root@host opkg install prometheus-node-exporter-lua-hwmon prometheus-node-exporter-lua-netstat prometheus-node-exporter-lua prometheus-node-exporter-lua-nat_traffic prometheus-node-exporter-lua-thermal prometheus-node-exporter-lua-openwrt prometheus-node-exporter-lua-ethtool prometheus-node-exporter-lua-nft-counters prometheus-node-exporter-lua-uci_dhcp_host prometheus-node-exporter-ucode prometheus-node-exporter-lua-snmp6 prometheus-node-exporter-ucode-dnsmasq prometheus-node-exporter-ucode-wireguard prometheus-node-exporter-lua-wifi prometheus-node-exporter-lua-wifi_stations

WiFi related packages may be excluded if the device has no WiFi radios. There are more packages available that may be included if corresponding hardware / services are used. Note that there are two kinds of Prometheus exporters for OpenWRT, the lua ones and the ucode ones. I prefer the lua ones as there are more exporters available for the lua framework.

After intalling the packages, the exporter listens on localhost only by default. To enable listening on other interfaces, the configuration file at /etc/config/prometheus-node-exporter-lua needs to be edited. The listen_interface parameter should be adjusted accordingly. In my case, I limit the prometheus exporter to my Wireguard interface, to avoid exposing Prometheus metrics in the network:

root@turris:~# cat /etc/config/prometheus-node-exporter-lua 
config prometheus-node-exporter-lua 'main'
	option listen_interface 'wireguard'
	option listen_port '9100'

After that, restart the prometheus exporter using /etc/init.d/prometheus-node-exporter-lua restart.

The ucode exporters have a similar configuration file at /etc/config/prometheus-node-exporter-ucode that is also limited to localhost by default, however, I did not use that one yet.