influx/telegraf
1
0
Fork 0
Code Issues Activity

Adding upstream version 1.34.4.

Browse source 
Signed-off-by: Daniel Baumann <daniel@debian.org>
This commit is contained in:
Daniel Baumann 2025-05-24 07:26:29 +02:00
parent e393c3af3f
commit 4978089aab
Signed by: daniel
GPG key ID: FBB4F0E80A80222F
4963 changed files with 677545 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

100
plugins/inputs/pf/README.md Normal file
View file

@ -0,0 +1,100 @@
# PF Input Plugin
The pf plugin gathers information from the FreeBSD/OpenBSD pf
firewall. Currently it can retrieve information about the state table: the
number of current entries in the table, and counters for the number of searches,
inserts, and removals to the table.
The pf plugin retrieves this information by invoking the `pfstat` command. The
`pfstat` command requires read access to the device file `/dev/pf`. You have
several options to permit telegraf to run `pfctl`:
* Run telegraf as root. This is strongly discouraged.
* Change the ownership and permissions for /dev/pf such that the user telegraf runs at can read the /dev/pf device file. This is probably not that good of an idea either.
* Configure sudo to grant telegraf to run `pfctl` as root. This is the most restrictive option, but require sudo setup.
* Add "telegraf" to the "proxy" group as /dev/pf is owned by root:proxy.
## Using sudo
You may edit your sudo configuration with the following:
```sudo
telegraf ALL=(root) NOPASSWD: /sbin/pfctl -s info
```
## Global configuration options <!-- @/docs/includes/plugin_config.md -->
In addition to the plugin-specific configuration settings, plugins support
additional global and plugin configuration settings. These settings are used to
modify metrics, tags, and field or create aliases and configure ordering, etc.
See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
[CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins
## Configuration
```toml @sample.conf
# Gather counters from PF
[[inputs.pf]]
## PF require root access on most systems.
## Setting 'use_sudo' to true will make use of sudo to run pfctl.
## Users must configure sudo to allow telegraf user to run pfctl with no password.
## pfctl can be restricted to only list command "pfctl -s info".
use_sudo = false
```
## Metrics
* pf
* entries (integer, count)
* searches (integer, count)
* inserts (integer, count)
* removals (integer, count)
* match (integer, count)
* bad-offset (integer, count)
* fragment (integer, count)
* short (integer, count)
* normalize (integer, count)
* memory (integer, count)
* bad-timestamp (integer, count)
* congestion (integer, count)
* ip-option (integer, count)
* proto-cksum (integer, count)
* state-mismatch (integer, count)
* state-insert (integer, count)
* state-limit (integer, count)
* src-limit (integer, count)
* synproxy (integer, count)
## Example Output
```shell
> pfctl -s info
Status: Enabled for 0 days 00:26:05 Debug: Urgent
State Table Total Rate
current entries 2
searches 11325 7.2/s
inserts 5 0.0/s
removals 3 0.0/s
Counters
match 11226 7.2/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
```
```text
pf,host=columbia entries=3i,searches=2668i,inserts=12i,removals=9i 1510941775000000000
```

220
plugins/inputs/pf/pf.go Normal file
View file

@ -0,0 +1,220 @@
//go:generate ../../../tools/readme_config_includer/generator
package pf
import (
"bufio"
_ "embed"
"errors"
"fmt"
"os/exec"
"regexp"
"strconv"
"strings"
"github.com/influxdata/telegraf"
"github.com/influxdata/telegraf/plugins/inputs"
)
//go:embed sample.conf
var sampleConfig string
var (
errParseHeader = fmt.Errorf("cannot find header in %s output", pfctlCommand)
anyTableHeaderRE = regexp.MustCompile("^[A-Z]")
stateTableRE = regexp.MustCompile(`^ (.*?)\s+(\d+)`)
counterTableRE = regexp.MustCompile(`^ (.*?)\s+(\d+)`)
execLookPath = exec.LookPath
execCommand = exec.Command
pfctlOutputStanzas = []*pfctlOutputStanza{
{
headerRE: regexp.MustCompile("^State Table"),
parseFunc: parseStateTable,
},
{
headerRE: regexp.MustCompile("^Counters"),
parseFunc: parseCounterTable,
},
}
stateTable = []*entry{
{"entries", "current entries", -1},
{"searches", "searches", -1},
{"inserts", "inserts", -1},
{"removals", "removals", -1},
}
counterTable = []*entry{
{"match", "match", -1},
{"bad-offset", "bad-offset", -1},
{"fragment", "fragment", -1},
{"short", "short", -1},
{"normalize", "normalize", -1},
{"memory", "memory", -1},
{"bad-timestamp", "bad-timestamp", -1},
{"congestion", "congestion", -1},
{"ip-option", "ip-option", -1},
{"proto-cksum", "proto-cksum", -1},
{"state-mismatch", "state-mismatch", -1},
{"state-insert", "state-insert", -1},
{"state-limit", "state-limit", -1},
{"src-limit", "src-limit", -1},
{"synproxy", "synproxy", -1},
}
)
const (
measurement = "pf"
pfctlCommand = "pfctl"
)
type PF struct {
UseSudo bool `toml:"use_sudo"`
pfctlCommand string
pfctlArgs []string
infoFunc func() (string, error)
}
type pfctlOutputStanza struct {
headerRE *regexp.Regexp
parseFunc func([]string, map[string]interface{}) error
found bool
}
type entry struct {
field string
pfctlTitle string
value int64
}
func (*PF) SampleConfig() string {
return sampleConfig
}
func (pf *PF) Gather(acc telegraf.Accumulator) error {
if pf.pfctlCommand == "" {
var err error
if pf.pfctlCommand, pf.pfctlArgs, err = pf.buildPfctlCmd(); err != nil {
acc.AddError(fmt.Errorf("can't construct pfctl commandline: %w", err))
return nil
}
}
o, err := pf.infoFunc()
if err != nil {
acc.AddError(err)
return nil
}
if perr := parsePfctlOutput(o, acc); perr != nil {
acc.AddError(perr)
}
return nil
}
func errMissingData(tag string) error {
return fmt.Errorf("struct data for tag %q not found in %s output", tag, pfctlCommand)
}
func parsePfctlOutput(pfoutput string, acc telegraf.Accumulator) error {
fields := make(map[string]interface{})
scanner := bufio.NewScanner(strings.NewReader(pfoutput))
for scanner.Scan() {
line := scanner.Text()
for _, s := range pfctlOutputStanzas {
if s.headerRE.MatchString(line) {
var stanzaLines []string
scanner.Scan()
line = scanner.Text()
for !anyTableHeaderRE.MatchString(line) {
stanzaLines = append(stanzaLines, line)
more := scanner.Scan()
if !more {
break
}
line = scanner.Text()
}
if perr := s.parseFunc(stanzaLines, fields); perr != nil {
return perr
}
s.found = true
}
}
}
for _, s := range pfctlOutputStanzas {
if !s.found {
return errParseHeader
}
}
acc.AddFields(measurement, fields, make(map[string]string))
return nil
}
func parseStateTable(lines []string, fields map[string]interface{}) error {
return storeFieldValues(lines, stateTableRE, fields, stateTable)
}
func parseCounterTable(lines []string, fields map[string]interface{}) error {
return storeFieldValues(lines, counterTableRE, fields, counterTable)
}
func storeFieldValues(lines []string, regex *regexp.Regexp, fields map[string]interface{}, entryTable []*entry) error {
for _, v := range lines {
entries := regex.FindStringSubmatch(v)
if entries != nil {
for _, f := range entryTable {
if f.pfctlTitle == entries[1] {
var err error
if f.value, err = strconv.ParseInt(entries[2], 10, 64); err != nil {
return err
}
}
}
}
}
for _, v := range entryTable {
if v.value == -1 {
return errMissingData(v.pfctlTitle)
}
fields[v.field] = v.value
}
return nil
}
func (pf *PF) callPfctl() (string, error) {
cmd := execCommand(pf.pfctlCommand, pf.pfctlArgs...)
out, oerr := cmd.Output()
if oerr != nil {
var ee *exec.ExitError
if !errors.As(oerr, &ee) {
return string(out), fmt.Errorf("error running %q: %w: (unable to get stderr)", pfctlCommand, oerr)
}
return string(out), fmt.Errorf("error running %q: %w - %s", pfctlCommand, oerr, ee.Stderr)
}
return string(out), oerr
}
func (pf *PF) buildPfctlCmd() (string, []string, error) {
cmd, err := execLookPath(pfctlCommand)
if err != nil {
return "", nil, fmt.Errorf("can't locate %q: %w", pfctlCommand, err)
}
args := []string{"-s", "info"}
if pf.UseSudo {
args = append([]string{cmd}, args...)
cmd, err = execLookPath("sudo")
if err != nil {
return "", nil, fmt.Errorf("can't locate sudo: %w", err)
}
}
return cmd, args, nil
}
func init() {
inputs.Add("pf", func() telegraf.Input {
pf := &PF{}
pf.infoFunc = pf.callPfctl
return pf
})
}

273
plugins/inputs/pf/pf_test.go Normal file
View file

@ -0,0 +1,273 @@
package pf
import (
"log"
"reflect"
"strconv"
"testing"
"github.com/influxdata/telegraf/testutil"
)
type measurementResult struct {
tags map[string]string
fields map[string]interface{}
}
func TestPfctlInvocation(t *testing.T) {
type pfctlInvocationTestCase struct {
config PF
cmd string
args []string
}
var testCases = []pfctlInvocationTestCase{
// 0: no sudo
{
config: PF{UseSudo: false},
cmd: "fakepfctl",
args: []string{"-s", "info"},
},
// 1: with sudo
{
config: PF{UseSudo: true},
cmd: "fakesudo",
args: []string{"fakepfctl", "-s", "info"},
},
}
for i, tt := range testCases {
execLookPath = func(cmd string) (string, error) { return "fake" + cmd, nil }
t.Run(strconv.Itoa(i), func(t *testing.T) {
log.Printf("running #%d\n", i)
cmd, args, err := tt.config.buildPfctlCmd()
if err != nil {
t.Fatalf("error when running buildPfctlCmd: %s", err)
}
if tt.cmd != cmd || !reflect.DeepEqual(tt.args, args) {
t.Errorf("%d: expected %s - %#v got %s - %#v", i, tt.cmd, tt.args, cmd, args)
}
})
}
}
func TestPfMeasurements(t *testing.T) {
type pfTestCase struct {
TestInput string
err error
measurements []measurementResult
}
testCases := []pfTestCase{
// 0: nil input should raise an error
{TestInput: "", err: errParseHeader},
// 1: changes to pfctl output should raise an error
{TestInput: `Status: Enabled for 161 days 21:24:45 Debug: Urgent
Interface Stats for re1 IPv4 IPv6
Bytes In 2585823744614 1059233657221
Bytes Out 1227266932673 3274698578875
Packets In
Passed 2289953086 1945437219
Blocked 392835739 48609
Packets Out
Passed 1649146326 2605569054
Blocked 107 0
State Table Total Rate
Current Entrys 649
searches 18421725761 1317.0/s
inserts 156762508 11.2/s
removals 156761859 11.2/s
Counters
match 473002784 33.8/s
bad-offset 0 0.0/s
fragment 2729 0.0/s
short 107 0.0/s
normalize 1685 0.0/s
memory 101 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 152301 0.0/s
proto-cksum 108 0.0/s
state-mismatch 24393 0.0/s
state-insert 92 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
`,
err: errMissingData("current entries"),
},
// 2: bad numbers should raise an error
{TestInput: `Status: Enabled for 0 days 00:26:05 Debug: Urgent
State Table Total Rate
current entries -23
searches 11325 7.2/s
inserts 5 0.0/s
removals 3 0.0/s
Counters
match 11226 7.2/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
`,
err: errMissingData("current entries"),
},
{TestInput: `Status: Enabled for 0 days 00:26:05 Debug: Urgent
State Table Total Rate
current entries 2
searches 11325 7.2/s
inserts 5 0.0/s
removals 3 0.0/s
Counters
match 11226 7.2/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
`,
measurements: []measurementResult{
{
fields: map[string]interface{}{
"entries": int64(2),
"searches": int64(11325),
"inserts": int64(5),
"removals": int64(3),
"match": int64(11226),
"bad-offset": int64(0),
"fragment": int64(0),
"short": int64(0),
"normalize": int64(0),
"memory": int64(0),
"bad-timestamp": int64(0),
"congestion": int64(0),
"ip-option": int64(0),
"proto-cksum": int64(0),
"state-mismatch": int64(0),
"state-insert": int64(0),
"state-limit": int64(0),
"src-limit": int64(0),
"synproxy": int64(0)},
tags: map[string]string{},
},
},
},
{TestInput: `Status: Enabled for 161 days 21:24:45 Debug: Urgent
Interface Stats for re1 IPv4 IPv6
Bytes In 2585823744614 1059233657221
Bytes Out 1227266932673 3274698578875
Packets In
Passed 2289953086 1945437219
Blocked 392835739 48609
Packets Out
Passed 1649146326 2605569054
Blocked 107 0
State Table Total Rate
current entries 649
searches 18421725761 1317.0/s
inserts 156762508 11.2/s
removals 156761859 11.2/s
Counters
match 473002784 33.8/s
bad-offset 0 0.0/s
fragment 2729 0.0/s
short 107 0.0/s
normalize 1685 0.0/s
memory 101 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 152301 0.0/s
proto-cksum 108 0.0/s
state-mismatch 24393 0.0/s
state-insert 92 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
`,
measurements: []measurementResult{
{
fields: map[string]interface{}{
"entries": int64(649),
"searches": int64(18421725761),
"inserts": int64(156762508),
"removals": int64(156761859),
"match": int64(473002784),
"bad-offset": int64(0),
"fragment": int64(2729),
"short": int64(107),
"normalize": int64(1685),
"memory": int64(101),
"bad-timestamp": int64(0),
"congestion": int64(0),
"ip-option": int64(152301),
"proto-cksum": int64(108),
"state-mismatch": int64(24393),
"state-insert": int64(92),
"state-limit": int64(0),
"src-limit": int64(0),
"synproxy": int64(0)},
tags: map[string]string{},
},
},
},
}
for i, tt := range testCases {
t.Run(strconv.Itoa(i), func(t *testing.T) {
log.Printf("running #%d\n", i)
pf := &PF{
infoFunc: func() (string, error) {
return tt.TestInput, nil
},
}
acc := new(testutil.Accumulator)
err := acc.GatherError(pf.Gather)
if !reflect.DeepEqual(tt.err, err) {
t.Errorf("%d: expected error '%#v' got '%#v'", i, tt.err, err)
}
n := 0
for j, v := range tt.measurements {
if len(acc.Metrics) < n+1 {
t.Errorf("%d: expected at least %d values got %d", i, n+1, len(acc.Metrics))
break
}
m := acc.Metrics[n]
if !reflect.DeepEqual(m.Measurement, measurement) {
t.Errorf("%d %d: expected measurement '%#v' got '%#v'\n", i, j, measurement, m.Measurement)
}
if !reflect.DeepEqual(m.Tags, v.tags) {
t.Errorf("%d %d: expected tags\n%#v got\n%#v\n", i, j, v.tags, m.Tags)
}
if !reflect.DeepEqual(m.Fields, v.fields) {
t.Errorf("%d %d: expected fields\n%#v got\n%#v\n", i, j, v.fields, m.Fields)
}
n++
}
})
}
}

7
plugins/inputs/pf/sample.conf Normal file
View file

@ -0,0 +1,7 @@
# Gather counters from PF
[[inputs.pf]]
## PF require root access on most systems.
## Setting 'use_sudo' to true will make use of sudo to run pfctl.
## Users must configure sudo to allow telegraf user to run pfctl with no password.
## pfctl can be restricted to only list command "pfctl -s info".
use_sudo = false