Add lock option to the IPtables input plugin (#2201)
* Update README.md * Add lock support to the IPtables input plugin * Update iptables.go Doc cleaning
This commit is contained in:
parent
aeb849d744
commit
07a6223932
|
@ -30,11 +30,17 @@ You may edit your sudo configuration with the following:
|
||||||
telegraf ALL=(root) NOPASSWD: /usr/bin/iptables -nvL *
|
telegraf ALL=(root) NOPASSWD: /usr/bin/iptables -nvL *
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Using IPtables lock feature
|
||||||
|
|
||||||
|
Defining multiple instances of this plugin in telegraf.conf can lead to concurrent IPtables access resulting in "ERROR in input [inputs.iptables]: exit status 4" messages in telegraf.log and missing metrics. Setting 'use_lock = true' in the plugin configuration will run IPtables with the '-w' switch, allowing a lock usage to prevent this error.
|
||||||
|
|
||||||
### Configuration:
|
### Configuration:
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
# use sudo to run iptables
|
# use sudo to run iptables
|
||||||
use_sudo = false
|
use_sudo = false
|
||||||
|
# run iptables with the lock option
|
||||||
|
use_lock = false
|
||||||
# defines the table to monitor:
|
# defines the table to monitor:
|
||||||
table = "filter"
|
table = "filter"
|
||||||
# defines the chains to monitor:
|
# defines the chains to monitor:
|
||||||
|
|
|
@ -16,6 +16,7 @@ import (
|
||||||
// Iptables is a telegraf plugin to gather packets and bytes throughput from Linux's iptables packet filter.
|
// Iptables is a telegraf plugin to gather packets and bytes throughput from Linux's iptables packet filter.
|
||||||
type Iptables struct {
|
type Iptables struct {
|
||||||
UseSudo bool
|
UseSudo bool
|
||||||
|
UseLock bool
|
||||||
Table string
|
Table string
|
||||||
Chains []string
|
Chains []string
|
||||||
lister chainLister
|
lister chainLister
|
||||||
|
@ -34,6 +35,9 @@ func (ipt *Iptables) SampleConfig() string {
|
||||||
## Users must configure sudo to allow telegraf user to run iptables with no password.
|
## Users must configure sudo to allow telegraf user to run iptables with no password.
|
||||||
## iptables can be restricted to only list command "iptables -nvL"
|
## iptables can be restricted to only list command "iptables -nvL"
|
||||||
use_sudo = false
|
use_sudo = false
|
||||||
|
## Setting 'use_lock' to true runs iptables with the "-w" option.
|
||||||
|
## Adjust your sudo settings appropriately if using this option ("iptables -wnvl")
|
||||||
|
use_lock = false
|
||||||
## defines the table to monitor:
|
## defines the table to monitor:
|
||||||
table = "filter"
|
table = "filter"
|
||||||
## defines the chains to monitor:
|
## defines the chains to monitor:
|
||||||
|
@ -75,7 +79,11 @@ func (ipt *Iptables) chainList(table, chain string) (string, error) {
|
||||||
name = "sudo"
|
name = "sudo"
|
||||||
args = append(args, iptablePath)
|
args = append(args, iptablePath)
|
||||||
}
|
}
|
||||||
args = append(args, "-nvL", chain, "-t", table, "-x")
|
iptablesBaseArgs := "-nvL"
|
||||||
|
if ipt.UseLock {
|
||||||
|
iptablesBaseArgs = "-wnvL"
|
||||||
|
}
|
||||||
|
args = append(args, iptablesBaseArgs, chain, "-t", table, "-x")
|
||||||
c := exec.Command(name, args...)
|
c := exec.Command(name, args...)
|
||||||
out, err := c.Output()
|
out, err := c.Output()
|
||||||
return string(out), err
|
return string(out), err
|
||||||
|
|
Loading…
Reference in New Issue