telegraf feature request

Started by chenwanli, October 07, 2018, 11:11:06 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
October 07, 2018, 11:11:06 AM
Hi,
I set up a opnsense appliance box as my homelab equipment,I noticed that telegraf could ONLY monitor metrics such as system,RAM,NET etc....

I also set ntpd,unbound(DNS resolver), could you make telegraf more customize so I could monitor more metrics ?

Thank you !
October 07, 2018, 11:43:03 AM #1
How would this .conf look like?
October 07, 2018, 12:12:07 PM #2
via telegraf config GUI
October 07, 2018, 05:52:00 PM #3
Good point - If I may also come up with a wishlist:

[[inputs.conntrack]] (if feasible on freebsd)

[[inputs.swap]]

[[inputs.hddtemp]]

[[inputs.ipmi_sensor]]

[[inputs.netstat]]

[[inputs.nginx]]

[[inputs.pf]]

[[inputs.smart]]

[[inputs.sysstat]] (if supported by freebsd)

[[inputs.unbound]]

[[inputs.zfs]]

Some of those need indeed some extension of the freebsd system packages also for OPNsense, which today might not be there to keep it small; but for professional use this might be worth thinking ....

Br br
October 07, 2018, 05:53:48 PM #4
bringha, can you enable these in telegraf.conf and restart the service via CLI and look if new metrics are collected? Sometimes there are additional configurations needed, like socket path
October 07, 2018, 06:06:17 PM #5
Yea, at least partly - will do when I'm back
October 07, 2018, 06:50:49 PM #6
conntrack will probably not work because that is a component of netfilter (the Linux firewall framework on which nftables and iptables are based).
October 08, 2018, 09:38:04 AM #7
telegraf itself supports many metrics,and opnsense has it's packages also。

I wish OPNsense could support monitoring the metrics of supported packages,like ntpd, unbound....

many people set up OPNsense as a base service device, gateway as it , ntp server as it, DNS as it....so monitoring these metrics may be wonderful!
October 08, 2018, 10:18:33 AM #8
I know, I just asked if you have tested it with OPNsense doing this without GUI, so I dont have to test everything by myself before adding it to plugin
October 08, 2018, 11:59:39 AM #9
yes, I manually inputs.ntpq into telegraf.conf ,it works...
October 08, 2018, 12:30:42 PM #10
What about the other values?
October 08, 2018, 01:41:32 PM #11
Code Select

[[inputs.ntpq]]


just add above into telegraf.conf ,then manully start telegraf,it works well.

maybe you could read the telegraf inputs doc for full help.

https://github.com/influxdata/telegraf#input-plugins


October 08, 2018, 09:29:18 PM #12 Last Edit: October 08, 2018, 09:35:51 PM by bringha
Hi,

here some more feedback. Expanding some more features might be worth to consider some security implications
Code Select

[[inputs.ipmi_sensor]]
servers = ["<ADMIN_USER>:<password>@lan(192.168.1.X)"]

works basically if the user telegraph is made belonging to group 'operator', otherwise /dev/ipmi0 can not be opened. Indeed, full ipmi_tool installation including kernelmodules need to be there. Could be a security issue.

Code Select
[[inputs.pf]]
requires access to /dev/pf and user telegraf need to belong to group 'proxy' too; also worth a security consideration

Code Select
[[inputs.netstat]]
needs command lsof which is in /usr/ports but requires kernel sources to compile; perhaps worth to consider to make lsof integral part of the standard installation. Might be that additional topics pop up after lsof has been installed.

Code Select

[[inputs.unbound]]
## If running as a restricted user you can prepend sudo for additional access:
#use_sudo = false

## The default location of the unbound-control binary can be overridden with:
binary = "/usr/local/sbin/unbound-control"

## The default timeout of 1s can be overriden with:
timeout = "1s"

## Use the builtin fielddrop/fieldpass telegraf filters in order to keep/remove specific fields
fieldpass = ["total_*", "num_*","time_up", "mem_*"]

This requires enablement of usage of /usr/local/sbin/unbound-control to work in the unbound config. Did not have the time to get this up as certificates for client and server need to work properly but should be feasible basically. (Was not couragous enough to run unbound-control-setup  and to put my running config at risk on my productive system ....) ;)
There are some comments in the fora recommending not to enable unbound-control on a primary firewall installation.

All telegraf functions relying on /proc (eg /proc/CPUinfo) are likely to fail as freebsd proc has a widely smaller structure compared to Linux

Br br
October 12, 2018, 12:27:31 PM #13
cool, hope opnsense could make it . ;D ;D
October 12, 2018, 01:17:00 PM #14
I'll start after 18.7.5 .. have to sort out some things first, but most of it should be easy.
THe more you gave me input like this and that works when manually edit telegraf.conf the faster I can fix/add this. :)
Print
Go Up Pages1 2
User actions