Ipset input plugin #3346
Ipset input plugin #3346
Conversation
| There are 3 ways to grant telegraf the right to run ipset: | ||
| * Run as root (strongly discouraged) | ||
| * Use sudo | ||
| * Configure systemd to run telegraf with CAP_NET_ADMIN and CAP_NET_RAW capabilities. |
There was a problem hiding this comment.
Are you sure this will work? Are capabilities inherited?
plugins/inputs/ipset/ipset.go
Outdated
| ## set show_all_sets = true to gather them all. | ||
| show_all_sets = false | ||
| ## Adjust your sudo settings appropriately if using this option ("sudo ipset save") | ||
| ## TODO: can we replace this with systemd privileges ? CAP_NET_ADMIN should DTRT |
There was a problem hiding this comment.
I guess this answers my question above, if we don't know if this will work don't add it.
plugins/inputs/ipset/ipset.go
Outdated
| } | ||
|
|
||
| lines := strings.Split(list, "\n") | ||
| for _, line := range lines { |
There was a problem hiding this comment.
Use an bufio.Scanner to iterate over lines
plugins/inputs/ipset/ipset.go
Outdated
| continue | ||
| } | ||
|
|
||
| data := strings.Split(line, " ") |
plugins/inputs/ipset/ipset.go
Outdated
| } | ||
|
|
||
| data := strings.Split(line, " ") | ||
| if data[0] == "add" && (data[4] != "0" || ips.ShowAllSets == true) { |
There was a problem hiding this comment.
Will panic if not enough fields, check for the correct number of splits.
plugins/inputs/ipset/ipset.go
Outdated
| return string(out), err | ||
| } | ||
|
|
||
| type setLister func() (string, error) |
There was a problem hiding this comment.
Define this above with the struct
| @@ -0,0 +1,3 @@ | |||
| // +build !linux | |||
There was a problem hiding this comment.
You can remove all of the build flags, it won't hurt to allow this to be built on all platforms.
plugins/inputs/ipset/ipset_test.go
Outdated
| } | ||
|
|
||
| for i, tt := range tests { | ||
| i++ |
There was a problem hiding this comment.
plugins/inputs/ipset/ipset_test.go
Outdated
| fields [][]map[string]interface{} | ||
| err error | ||
| }{ | ||
| { // 1 - 0 sets => no results |
There was a problem hiding this comment.
Add a name field to the test struct and set the names based on these comments using subtests
plugins/inputs/ipset/README.md
Outdated
| [[inputs.ipset]] | ||
| ## By default, we only show sets which have already matched at least 1 packet. | ||
| ## set show_all_sets = true to gather them all. | ||
| show_all_sets = false |
There was a problem hiding this comment.
I would call this include_unmatched_sets
…ipset-input-plugin
- Add a timeout for ipset execution - Use a bufio Scanner to parse ipset output - Add names to test cases - Remove build flags
|
Thanks @danielnelson for the review. |
…ipset-input-plugin
plugins/inputs/ipset/ipset.go
Outdated
| include_unmatched_sets = false | ||
| ## Adjust your sudo settings appropriately if using this option ("sudo ipset save") | ||
| use_sudo = false | ||
| ## The default timeout of 1s for ss execution can be overridden here: |
There was a problem hiding this comment.
Replace ss with ipset, here and also remember to update the same in the README
|
What about this comment: #3346 (comment) |
|
Ah, sorry was confused by the comment not collapsing. I merged this in and it will be included in 1.6, thanks! |
Required for all PRs:
The ipset input plugin allows collecting metrics from Linux ipset counters.