telegraf feature request

Started by chenwanli, October 07, 2018, 11:11:06 AM

Previous topic - Next topic
Hi,
I set up a opnsense appliance box as my homelab equipment,I noticed that telegraf could ONLY monitor metrics such as system,RAM,NET etc....

I also set ntpd,unbound(DNS resolver), could you make telegraf more customize so I could monitor more metrics ?

Thank you !



Good point - If I may also come up with a wishlist:

[[inputs.conntrack]] (if feasible on freebsd)

[[inputs.swap]]

[[inputs.hddtemp]]

[[inputs.ipmi_sensor]]

[[inputs.netstat]]

[[inputs.nginx]]

[[inputs.pf]]

[[inputs.smart]]

[[inputs.sysstat]] (if supported by freebsd)

[[inputs.unbound]]

[[inputs.zfs]]

Some of those need indeed some extension of the freebsd system packages also for OPNsense, which today might not be there to keep it small; but for professional use this might be worth thinking ....

Br br

bringha, can you enable these in telegraf.conf and restart the service via CLI and look if new metrics are collected? Sometimes there are additional configurations needed, like socket path

Yea, at least partly - will do when I'm back

conntrack will probably not work because that is a component of netfilter (the Linux firewall framework on which nftables and iptables are based).

telegraf itself supports many metrics,and opnsense has it's packages also。

I wish OPNsense could support monitoring the metrics of supported packages,like ntpd, unbound....

many people set up OPNsense as a base service device, gateway as it , ntp server as it, DNS as it....so monitoring these metrics may be wonderful!

I know, I just asked if you have tested it with OPNsense doing this without GUI, so I dont have to test everything by myself before adding it to plugin

yes, I manually inputs.ntpq into telegraf.conf ,it works...



[[inputs.ntpq]]


just add above into telegraf.conf ,then manully start telegraf,it works well.

maybe you could read the telegraf inputs doc for full help.

https://github.com/influxdata/telegraf#input-plugins



October 08, 2018, 09:29:18 PM #12 Last Edit: October 08, 2018, 09:35:51 PM by bringha
Hi,

here some more feedback. Expanding some more features might be worth to consider some security implications

[[inputs.ipmi_sensor]]
servers = ["<ADMIN_USER>:<password>@lan(192.168.1.X)"]

works basically if the user telegraph is made belonging to group 'operator', otherwise /dev/ipmi0 can not be opened. Indeed, full ipmi_tool installation including kernelmodules need to be there. Could be a security issue.

[[inputs.pf]]
requires access to /dev/pf and user telegraf need to belong to group 'proxy' too; also worth a security consideration

[[inputs.netstat]]
needs command lsof which is in /usr/ports but requires kernel sources to compile; perhaps worth to consider to make lsof integral part of the standard installation. Might be that additional topics pop up after lsof has been installed.


[[inputs.unbound]]
## If running as a restricted user you can prepend sudo for additional access:
#use_sudo = false

## The default location of the unbound-control binary can be overridden with:
binary = "/usr/local/sbin/unbound-control"

## The default timeout of 1s can be overriden with:
timeout = "1s"

## Use the builtin fielddrop/fieldpass telegraf filters in order to keep/remove specific fields
fieldpass = ["total_*", "num_*","time_up", "mem_*"]

This requires enablement of usage of /usr/local/sbin/unbound-control to work in the unbound config. Did not have the time to get this up as certificates for client and server need to work properly but should be feasible basically. (Was not couragous enough to run unbound-control-setup  and to put my running config at risk on my productive system ....) ;)
There are some comments in the fora recommending not to enable unbound-control on a primary firewall installation.

All telegraf functions relying on /proc (eg /proc/CPUinfo) are likely to fail as freebsd proc has a widely smaller structure compared to Linux

Br br

cool, hope opnsense could make it . ;D ;D

I'll start after 18.7.5 .. have to sort out some things first, but most of it should be easy.
THe more you gave me input like this and that works when manually edit telegraf.conf the faster I can fix/add this. :)