dom/telegraf
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Iptables input: document better the ignored rules behavior (#2482)

Browse Source 
During issue #2215 it was highlighted that the current behavior where
rules without a comment are ignored is confusing for several users.

This commit improves the documentation and adds a NOTE to the sample
config to clarify the behavior for new users.
This commit is contained in:
Charles-Henri
2017-03-02 10:58:26 +01:00
committed by Cameron Sparr
parent 9618515926
commit 1873abd248
3 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
plugins/inputs/iptables/README.md
View File

@@ -2,7 +2,11 @@
The iptables plugin gathers packets and bytes counters for rules within a set of table and chain from the Linux's iptables firewall.
Rules are identified through associated comment. Rules without comment are ignored.
Rules are identified through associated comment. **Rules without comment are ignored**.
Indeed we need a unique ID for the rule and the rule number is not a constant: it may vary when rules are inserted/deleted at start-up or by automatic tools (interactive firewalls, fail2ban, ...).
Also when the rule set is becoming big (hundreds of lines) most people are interested in monitoring only a small part of the rule set.
Before using this plugin **you must ensure that the rules you want to monitor are named with a unique comment**. Comments are added using the `-m comment --comment "my comment"` iptables options.
The iptables command requires CAP_NET_ADMIN and CAP_NET_RAW capabilities. You have several options to grant telegraf to run iptables: