telegraf/plugins/inputs/pf/README.md

# PF Plugin

The pf plugin gathers information from the FreeBSD/OpenBSD pf firewall. Currently it can retrieve information about the state table: the number of current entries in the table, and counters for the number of searches, inserts, and removals to the table.

The pf plugin retrieves this information by invoking the `pfstat` command. The `pfstat` command requires read access to the device file `/dev/pf`. You have several options to permit telegraf to run `pfctl`:

* Run telegraf as root. This is strongly discouraged.
* Change the ownership and permissions for /dev/pf such that the user telegraf runs at can read the /dev/pf device file. This is probably not that good of an idea either.
* Configure sudo to grant telegraf to run `pfctl` as root. This is the most restrictive option, but require sudo setup.

### Using sudo

You may edit your sudo configuration with the following:

```sudo
telegraf ALL=(root) NOPASSWD: /sbin/pfctl -s info
```

### Configuration:

```toml
  # use sudo to run pfctl
  use_sudo = false
```

### Measurements & Fields:


- pf
    - entries (integer, count)
    - searches (integer, count)
    - inserts (integer, count)
    - removals (integer, count)
    - match (integer, count)
    - bad-offset (integer, count)
    - fragment (integer, count)
    - short (integer, count)
    - normalize (integer, count)
    - memory (integer, count)
    - bad-timestamp (integer, count)
    - congestion (integer, count)
    - ip-option (integer, count)
    - proto-cksum (integer, count)
    - state-mismatch (integer, count)
    - state-insert (integer, count)
    - state-limit (integer, count)
    - src-limit (integer, count)
    - synproxy (integer, count)

### Example Output:

```
> pfctl -s info
Status: Enabled for 0 days 00:26:05           Debug: Urgent

State Table                          Total             Rate
  current entries                        2               
  searches                           11325            7.2/s
  inserts                                5            0.0/s
  removals                               3            0.0/s
Counters
  match                              11226            7.2/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                         0            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s
```

```
> ./telegraf --config telegraf.conf --input-filter pf --test
* Plugin: inputs.pf, Collection 1
> pf,host=columbia entries=3i,searches=2668i,inserts=12i,removals=9i 1510941775000000000
```
Add input plugin for OpenBSD/FreeBSD pf (#3405) 2017-11-30 00:32:50 +00:00			`# PF Plugin`

Fix spelling errors in comments and documentation (#7492) 2020-05-14 07:41:58 +00:00			`The pf plugin gathers information from the FreeBSD/OpenBSD pf firewall. Currently it can retrieve information about the state table: the number of current entries in the table, and counters for the number of searches, inserts, and removals to the table.`
Add input plugin for OpenBSD/FreeBSD pf (#3405) 2017-11-30 00:32:50 +00:00
Fix spelling errors in comments and documentation (#7492) 2020-05-14 07:41:58 +00:00			The pf plugin retrieves this information by invoking the `pfstat` command. The `pfstat` command requires read access to the device file `/dev/pf`. You have several options to permit telegraf to run `pfctl`:
Add input plugin for OpenBSD/FreeBSD pf (#3405) 2017-11-30 00:32:50 +00:00
			`* Run telegraf as root. This is strongly discouraged.`
			`* Change the ownership and permissions for /dev/pf such that the user telegraf runs at can read the /dev/pf device file. This is probably not that good of an idea either.`
			* Configure sudo to grant telegraf to run `pfctl` as root. This is the most restrictive option, but require sudo setup.

			`### Using sudo`

			`You may edit your sudo configuration with the following:`

			```sudo
			`telegraf ALL=(root) NOPASSWD: /sbin/pfctl -s info`
			```

			`### Configuration:`

			```toml
			`# use sudo to run pfctl`
			`use_sudo = false`
			```

			`### Measurements & Fields:`


			`- pf`
			`- entries (integer, count)`
			`- searches (integer, count)`
			`- inserts (integer, count)`
			`- removals (integer, count)`
Add counter fields to pf input (#4216) 2018-06-05 00:58:20 +00:00			`- match (integer, count)`
			`- bad-offset (integer, count)`
			`- fragment (integer, count)`
			`- short (integer, count)`
			`- normalize (integer, count)`
			`- memory (integer, count)`
			`- bad-timestamp (integer, count)`
			`- congestion (integer, count)`
			`- ip-option (integer, count)`
			`- proto-cksum (integer, count)`
			`- state-mismatch (integer, count)`
			`- state-insert (integer, count)`
			`- state-limit (integer, count)`
			`- src-limit (integer, count)`
			`- synproxy (integer, count)`
Add input plugin for OpenBSD/FreeBSD pf (#3405) 2017-11-30 00:32:50 +00:00
			`### Example Output:`

			```
			`> pfctl -s info`
			`Status: Enabled for 0 days 00:26:05 Debug: Urgent`

			`State Table Total Rate`
			`current entries 2`
			`searches 11325 7.2/s`
			`inserts 5 0.0/s`
			`removals 3 0.0/s`
			`Counters`
			`match 11226 7.2/s`
			`bad-offset 0 0.0/s`
			`fragment 0 0.0/s`
			`short 0 0.0/s`
			`normalize 0 0.0/s`
			`memory 0 0.0/s`
			`bad-timestamp 0 0.0/s`
			`congestion 0 0.0/s`
			`ip-option 0 0.0/s`
			`proto-cksum 0 0.0/s`
			`state-mismatch 0 0.0/s`
			`state-insert 0 0.0/s`
			`state-limit 0 0.0/s`
			`src-limit 0 0.0/s`
			`synproxy 0 0.0/s`
			```

			```
			`> ./telegraf --config telegraf.conf --input-filter pf --test`
			`* Plugin: inputs.pf, Collection 1`
			`> pf,host=columbia entries=3i,searches=2668i,inserts=12i,removals=9i 1510941775000000000`
			```