Ipset Monitoring
Ipset is a companion application for the iptables Linux firewall that lets you set up rules to block a set of IP addresses by tracking the byte count per IP.
Why use the Ipset Telegraf Plugin?
The Ipset Telegraf Plugin gathers packet and byte counters that you can track over time to spot patterns and decide whether blocking rules are warranted. You can also combine it with other Telegraf plugins, such as the Fail2ban Telegraf Plugin, to get a more comprehensive view of your traffic.
How to monitor packets and bytes using the Ipset Telegraf plugin
The Ipset Telegraf plugin gathers packet and byte counters from Linux ipset. It uses the output of the command "ipset save". Ipsets created without the "counters" option are ignored.
The results are tagged with:
- ipset name
- ipset entry
In addition, there are 3 ways to grant Telegraf the right to run ipset:
- Run as root (strongly discouraged).
- Use sudo.
- Configure systemd to run telegraf with CAP_NET_ADMIN and CAP_NET_RAW capabilities.
Key Ipset metrics to use for monitoring
Some of the important Ipset metrics that you should proactively monitor include:
- Total bytes
- Total packets
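To see what the counters in "ipset save" output look like and how the per-set totals listed above fall out of them, here is an added example (not the plugin's own code) that parses a constructed sample, skips sets created without "counters", and tags each record by set name and entry. The record keys and function names are chosen for this example only.

```python
import shlex
from collections import defaultdict

# Constructed sample of `ipset save` output (documentation addresses, not real data).
SAMPLE = """\
create blocklist hash:ip family inet hashsize 1024 maxelem 65536 counters
add blocklist 203.0.113.7 packets 12 bytes 840
add blocklist 198.51.100.23 packets 4 bytes 240
create ssh_abuse hash:ip family inet hashsize 1024 maxelem 65536 timeout 600 counters comment
add ssh_abuse 192.0.2.50 timeout 431 packets 3 bytes 180 comment "fail2ban sshd"
create nocount hash:net family inet hashsize 1024 maxelem 65536
add nocount 10.0.0.0/8
"""


def _counter(tokens, key):
    """Integer that follows `key` among the entry's options, or None."""
    try:
        return int(tokens[tokens.index(key) + 1])
    except (ValueError, IndexError):
        return None


def parse_ipset_save(text):
    """Yield one record per entry that carries packet and byte counters."""
    for line in text.splitlines():
        try:
            tokens = shlex.split(line)  # keeps a quoted comment as a single token
        except ValueError:
            continue                    # unbalanced quote: skip the malformed line
        if len(tokens) < 3 or tokens[0] != "add":
            continue                    # "create" lines describe the set, not traffic
        packets = _counter(tokens[3:], "packets")
        nbytes = _counter(tokens[3:], "bytes")
        if packets is None or nbytes is None:
            continue                    # set created without "counters": ignored
        yield {"set": tokens[1], "entry": tokens[2], "packets": packets, "bytes": nbytes}


def totals_by_set(records):
    """Sum packets and bytes per set name (total packets, total bytes)."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for rec in records:
        totals[rec["set"]]["packets"] += rec["packets"]
        totals[rec["set"]]["bytes"] += rec["bytes"]
    return dict(totals)


if __name__ == "__main__":
    for name, t in totals_by_set(parse_ipset_save(SAMPLE)).items():
        print(name, t["packets"], t["bytes"])
```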