Add input plugin for OpenBSD/FreeBSD pf (#3405)

2017-11-29 19:32:50 -05:00
parent 3ba5458220
commit f92a4f528f
4 changed files with 504 additions and 0 deletions
--- a/plugins/inputs/pf/README.md
+++ b/plugins/inputs/pf/README.md
@@ -0,0 +1,68 @@
+# PF Plugin
+
+The pf plugin gathers information from the FreeBSD/OpenBSD pf firewall. Currently it can retrive information about the state table: the number of current entries in the table, and counters for the number of searches, inserts, and removals to the table.
+
+The pf plugin retrives this information by invoking the `pfstat` command. The `pfstat` command requires read access to the device file `/dev/pf`. You have several options to permit telegraf to run `pfctl`:
+
+* Run telegraf as root. This is strongly discouraged.
+* Change the ownership and permissions for /dev/pf such that the user telegraf runs at can read the /dev/pf device file. This is probably not that good of an idea either.
+* Configure sudo to grant telegraf to run `pfctl` as root. This is the most restrictive option, but require sudo setup.
+
+### Using sudo
+
+You may edit your sudo configuration with the following:
+
+```sudo
+telegraf ALL=(root) NOPASSWD: /sbin/pfctl -s info
+```
+
+### Configuration:
+
+```toml
+  # use sudo to run pfctl
+  use_sudo = false
+```
+
+### Measurements & Fields:
+
+
+- pf
+    - entries (integer, count)
+    - searches (integer, count)
+    - inserts (integer, count)
+    - removals (integer, count)
+
+### Example Output:
+
+```
+> pfctl -s info
+Status: Enabled for 0 days 00:26:05           Debug: Urgent
+
+State Table                          Total             Rate
+  current entries                        2               
+  searches                           11325            7.2/s
+  inserts                                5            0.0/s
+  removals                               3            0.0/s
+Counters
+  match                              11226            7.2/s
+  bad-offset                             0            0.0/s
+  fragment                               0            0.0/s
+  short                                  0            0.0/s
+  normalize                              0            0.0/s
+  memory                                 0            0.0/s
+  bad-timestamp                          0            0.0/s
+  congestion                             0            0.0/s
+  ip-option                              0            0.0/s
+  proto-cksum                            0            0.0/s
+  state-mismatch                         0            0.0/s
+  state-insert                           0            0.0/s
+  state-limit                            0            0.0/s
+  src-limit                              0            0.0/s
+  synproxy                               0            0.0/s
+```
+
+```
+> ./telegraf --config telegraf.conf --input-filter pf --test
+* Plugin: inputs.pf, Collection 1
+> pf,host=columbia entries=3i,searches=2668i,inserts=12i,removals=9i 1510941775000000000
+```