dom
/
telegraf
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add lock option to the IPtables input plugin (#2201) 

* Update README.md

* Add lock support to the IPtables input plugin

* Update iptables.go

Doc cleaning
This commit is contained in:
ldep30 2017-02-01 15:37:18 +01:00 committed by Cameron Sparr
parent 786557a2cc
commit 4740b818fe
2 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
plugins/inputs/iptables/README.md
View File

@ -30,11 +30,17 @@ You may edit your sudo configuration with the following:
telegraf ALL=(root) NOPASSWD: /usr/bin/iptables -nvL * telegraf ALL=(root) NOPASSWD: /usr/bin/iptables -nvL *
``` ```
### Using IPtables lock feature
Defining multiple instances of this plugin in telegraf.conf can lead to concurrent IPtables access resulting in "ERROR in input [inputs.iptables]: exit status 4" messages in telegraf.log and missing metrics. Setting 'use_lock = true' in the plugin configuration will run IPtables with the '-w' switch, allowing a lock usage to prevent this error.
### Configuration: ### Configuration:
```toml ```toml
# use sudo to run iptables # use sudo to run iptables
use_sudo = false use_sudo = false
# run iptables with the lock option
use_lock = false
# defines the table to monitor: # defines the table to monitor:
table = "filter" table = "filter"
# defines the chains to monitor: # defines the chains to monitor:

10
plugins/inputs/iptables/iptables.go
View File

@ -16,6 +16,7 @@ import (
// Iptables is a telegraf plugin to gather packets and bytes throughput from Linux's iptables packet filter. // Iptables is a telegraf plugin to gather packets and bytes throughput from Linux's iptables packet filter.
type Iptables struct { type Iptables struct {
UseSudo bool UseSudo bool
UseLock bool
Table string Table string
Chains []string Chains []string
lister chainLister lister chainLister
@ -34,6 +35,9 @@ func (ipt *Iptables) SampleConfig() string {
## Users must configure sudo to allow telegraf user to run iptables with no password. ## Users must configure sudo to allow telegraf user to run iptables with no password.
## iptables can be restricted to only list command "iptables -nvL" ## iptables can be restricted to only list command "iptables -nvL"
use_sudo = false use_sudo = false
## Setting 'use_lock' to true runs iptables with the "-w" option.
## Adjust your sudo settings appropriately if using this option ("iptables -wnvl")
use_lock = false
## defines the table to monitor: ## defines the table to monitor:
table = "filter" table = "filter"
## defines the chains to monitor: ## defines the chains to monitor:
@ -75,7 +79,11 @@ func (ipt *Iptables) chainList(table, chain string) (string, error) {
name = "sudo" name = "sudo"
args = append(args, iptablePath) args = append(args, iptablePath)
} }
args = append(args, "-nvL", chain, "-t", table, "-x") iptablesBaseArgs := "-nvL"
if ipt.UseLock {
iptablesBaseArgs = "-wnvL"
}
args = append(args, iptablesBaseArgs, chain, "-t", table, "-x")
c := exec.Command(name, args...) c := exec.Command(name, args...)
out, err := c.Output() out, err := c.Output()
return string(out), err return string(out), err