Adding upstream version 1.34.4.

Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-05-24 07:26:29 +02:00 · 2025-05-24 07:26:29 +02:00 · 4978089aab
commit 4978089aab
parent e393c3af3f
4963 changed files with 677545 additions and 0 deletions
--- a/plugins/inputs/ipset/README.md
+++ b/plugins/inputs/ipset/README.md
@ -0,0 +1,104 @@
+# Ipset Input Plugin
+
+This plugin gathers packets and bytes counters from [Linux IP sets][ipsets]
+using the `ipset` command line tool.
+
+> [!NOTE]
+> IP sets created without the "counters" option are ignored.
+
+⭐ Telegraf v1.6.0
+🏷️ network, system
+💻 linux
+
+[ipsets]: https://ipset.netfilter.org/
+
+## Global configuration options <!-- @/docs/includes/plugin_config.md -->
+
+In addition to the plugin-specific configuration settings, plugins support
+additional global and plugin configuration settings. These settings are used to
+modify metrics, tags, and field or create aliases and configure ordering, etc.
+See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
+
+[CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins
+
+## Configuration
+
+```toml @sample.conf
+# Gather packets and bytes counters from Linux ipsets
+  [[inputs.ipset]]
+    ## By default, we only show sets which have already matched at least 1 packet.
+    ## set include_unmatched_sets = true to gather them all.
+    # include_unmatched_sets = false
+
+    ## Adjust your sudo settings appropriately if using this option ("sudo ipset save")
+    ## You can avoid using sudo or root, by setting appropriate privileges for
+    ## the telegraf.service systemd service.
+    # use_sudo = false
+
+    ## Add number of entries and number of individual IPs (resolve CIDR syntax) for each ipset
+    # count_per_ip_entries = false
+
+    ## The default timeout of 1s for ipset execution can be overridden here:
+    # timeout = "1s"
+```
+
+### Permissions
+
+There are 3 ways to grant telegraf the right to run ipset:
+
+- Run as root (strongly discouraged)
+- Use sudo
+- Configure systemd to run telegraf with CAP_NET_ADMIN and CAP_NET_RAW
+  capabilities
+
+#### Using sudo
+
+To use sudo set the `use_sudo` option to `true` and update your sudoers file:
+
+```bash
+$ visudo
+# Add the following line:
+Cmnd_Alias IPSETSAVE = /sbin/ipset save
+telegraf  ALL=(root) NOPASSWD: IPSETSAVE
+Defaults!IPSETSAVE !logfile, !syslog, !pam_session
+```
+
+#### Using systemd capabilities
+
+You may run `systemctl edit telegraf.service` and add the following:
+
+```text
+[Service]
+CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
+AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
+```
+
+## Metrics
+
+- ipset
+  - tags:
+    - rule
+    - set
+  - fields:
+    - timeout
+    - packets
+    - bytes
+
+- ipset (for `count_per_ip_entries = true`)
+  - tags:
+    - set
+  - fields:
+    - entries
+    - ips
+
+## Example Output
+
+```sh
+$ sudo ipset save
+create myset hash:net family inet hashsize 1024 maxelem 65536 counters comment
+add myset 10.69.152.1 packets 8 bytes 672 comment "machine A"
+```
+
+```text
+ipset,rule=10.69.152.1,host=trashme,set=myset bytes_total=8i,packets_total=672i 1507615028000000000
+```