Add input plugin for OpenBSD/FreeBSD pf #3405
Conversation
nferch
force-pushed
the
master
branch
4 times, most recently
from
02d0ad2
to
7b57521
Compare
|
Any feedback or things missing from this PR aside from the CLA? |
plugins/inputs/pf/README.md
Outdated
| ``` | ||
| > ./telegraf --config telegraf.conf --input-filter pf --test | ||
| * Plugin: inputs.pf, Collection 1 | ||
| > pf,host=columbia entries=2i 1507492593000000000 |
There was a problem hiding this comment.
Is this correct? I'm expecting more fields
plugins/inputs/pf/pf_nocompile.go
Outdated
| @@ -0,0 +1,3 @@ | |||
| // +build !freebsd | |||
There was a problem hiding this comment.
Let's remove all the build flags and always build the plugin.
There was a problem hiding this comment.
had repeated what had been done in the iptables plugin, but makes sense as pf is on more than FreeBSD.
plugins/inputs/pf/pf.go
Outdated
| var anyTableHeaderRE = regexp.MustCompile("^[A-Z]") | ||
|
|
||
| func (pf *PF) parsePfctlOutput(pfoutput string, acc telegraf.Accumulator) error { | ||
| lines := strings.Split(pfoutput, "\n") |
There was a problem hiding this comment.
I recommend using a bufio.Scanner to deal with non-unix line endings. Might make it easier to pass the scanner into child functions too instead of using a index range.
plugins/inputs/pf/pf.go
Outdated
| } | ||
|
|
||
| func (pf *PF) callPfctl() (string, error) { | ||
| c, err := pf.buildPfctlCmd() |
There was a problem hiding this comment.
This should only be ran once on startup.
plugins/inputs/pf/pf.go
Outdated
| } | ||
| out, oerr := c.Output() | ||
| if oerr != nil { | ||
| return string(out), fmt.Errorf("error running %s: %s: %s", pfctlCommand, oerr, oerr.(*exec.ExitError).Stderr) |
There was a problem hiding this comment.
Need to guard on the type assertion
|
|
||
|
|
||
| - pf | ||
| - entries (integer, count) |
There was a problem hiding this comment.
Need to add the other fields that are collected
plugins/inputs/pf/pf.go
Outdated
|
|
||
| func (pf *StateTable) getTags() ([]string, error) { | ||
| tags := []string{} | ||
| structVal := reflect.ValueOf(pf).Elem() |
There was a problem hiding this comment.
I don't think it is worth using reflect in this case, reflect is slow, hard to understand, and there are not so many fields that we can't just do it directly.
plugins/inputs/pf/README.md
Outdated
| @@ -0,0 +1,65 @@ | |||
| # PF Plugin | |||
|
|
|||
| The pf plugin gathers counters from the FreeBSD/OpenBSD pf firewall. | |||
There was a problem hiding this comment.
Looking through the code I don't see where we are parsing the counters, it looks like we are just collecting the state table?
There was a problem hiding this comment.
more precisely, number of entries and counters from the state table. will update.
|
Thanks for the review! |
|
Think I addressed all the comments, PTAL. |
use bufio instead of strings.Split use int64 for everything use list of fields instead of reflection and struct tags
per #2263
Required for all PRs: