plugins/inputs/nftables/README.md
This plugin gathers packets and bytes counters for rules within Linux's nftables firewall, as well as set element counts.
⭐ Telegraf v1.37.0 🏷️ network, system 💻 linux
Plugins support additional global and plugin configuration settings for tasks such as modifying metrics, tags, and fields, creating aliases, and configuring plugin ordering. See CONFIGURATION.md for more details.
```toml
[[inputs.nftables]]
  ## Use the specified binary which will be looked-up in PATH
  # binary = "nft"

  ## Use sudo for command execution, can be restricted to
  ## "nft --json list table"
  # use_sudo = false

  ## Tables to monitor (may use "family table" format, e.g., "inet filter")
  # tables = [ "filter" ]

  ## Kinds of objects to monitor: "counters" (named counters), "sets"
  ## (named sets), "anonymous-counters" (on commented rules).
  # include = ["anonymous-counters"]
```
Since Telegraf forks a process to run nftables, `AmbientCapabilities` is required to transmit the capabilities bounding set to the forked process.
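You may edit your sudo configuration with the following:

```
telegraf ALL=(root) NOPASSWD: /usr/bin/nft --json list table *
```

In sudoers, command-line arguments are matched as a single string, so the trailing `*` also matches spaces and therefore any further arguments after `list table`. For a tighter rule, list each monitored table explicitly instead of using the wildcard.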
Counters (when counters included):
Sets (when sets included):
Anonymous counters on commented rules (when anonymous-counters included):
```text
> nftables,host=my_hostname,counter=my_counter,table=filter bytes=48968i,pkts=48i 1757367516000000000
> nftables,host=my_hostname,set=my_set,table=filter count=10i 1757367516000000000
> nftables,chain=incoming,host=my_hostname,rule=comment_val_1,table=filter bytes=66435845i,pkts=133882i 1757367516000000000
> nftables,chain=outgoing,host=my_hostname,rule=comment_val_2,table=filter bytes=25596512i,pkts=145129i 1757367516000000000
```
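To show how `nft --json list table` output relates to the three metric kinds above, here is an added example; it is not the plugin's own code. The JSON shape of the constructed sample is an assumption, and `object`, `esc` and `toLines` are hypothetical names. Rule comments are free text, so tag values are escaped before they go into line protocol.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample in the JSON shape assumed for `nft --json list table filter`.
const sample = `{"nftables":[
 {"counter":{"table":"filter","name":"my_counter","packets":48,"bytes":48968}},
 {"set":{"table":"filter","name":"my_set","elem":["10.0.0.1","10.0.0.2"]}},
 {"rule":{"table":"filter","chain":"incoming","comment":"allow ssh","expr":[{"counter":{"packets":133882,"bytes":66435845}},{"accept":null}]}},
 {"rule":{"table":"filter","chain":"incoming","comment":"ref","expr":[{"counter":"my_counter"}]}},
 {"rule":{"table":"filter","chain":"incoming","expr":[{"counter":{"packets":1,"bytes":60}}]}}]}`

type object struct { // fields read from "counter", "set" and "rule" entries
	Table, Name, Chain, Comment string
	Packets, Bytes              uint64
	Elem                        []json.RawMessage
	Expr                        []map[string]json.RawMessage
}

var esc = strings.NewReplacer(",", `\,`, "=", `\=`, " ", `\ `).Replace // line-protocol tag escaping
// toLines maps nft JSON to line protocol (host tag and timestamp omitted).
func toLines(raw []byte) (out []string, err error) {
	var doc struct{ Nftables []map[string]object }
	err = json.Unmarshal(raw, &doc) // err is returned together with whatever was decoded
	for _, entry := range doc.Nftables {
		for kind, o := range entry {
			switch {
			case kind == "counter":
				out = append(out, fmt.Sprintf("nftables,counter=%s,table=%s bytes=%di,pkts=%di", esc(o.Name), esc(o.Table), o.Bytes, o.Packets))
			case kind == "set":
				out = append(out, fmt.Sprintf("nftables,set=%s,table=%s count=%di", esc(o.Name), esc(o.Table), len(o.Elem)))
			case kind == "rule" && o.Comment != "": // uncommented rules are not reported
				for _, e := range o.Expr {
					var c object // a string value (named-counter reference) fails to decode and is skipped
					if v, ok := e["counter"]; ok && json.Unmarshal(v, &c) == nil {
						out = append(out, fmt.Sprintf("nftables,chain=%s,rule=%s,table=%s bytes=%di,pkts=%di", esc(o.Chain), esc(o.Comment), esc(o.Table), c.Bytes, c.Packets))
					}
				}
			}
		}
	}
	return out, err
}

func main() { fmt.Println(toLines([]byte(sample))) }
```

Only the first of the three constructed rules produces a record: the second carries a string `counter` value instead of packet and byte totals, and the third has no comment.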