telegraf/plugins/inputs/conntrack/README.md

# Conntrack Input Plugin

Collects stats from Netfilter's conntrack-tools.

The conntrack-tools provide a mechanism for tracking various aspects of
network connections as they are processed by netfilter. At runtime,
conntrack exposes many of those connection statistics within `/proc/sys/net`.
Depending on your kernel version, these files can be found in either
`/proc/sys/net/ipv4/netfilter` or `/proc/sys/net/netfilter` and will be
prefixed with either `ip` or `nf`.  This plugin reads the files specified
in its configuration and publishes each one as a field, with the prefix
normalized to ip_.
conntrack exposes many of those connection statistics within `/proc/sys/net`.
Depending on your kernel version, these files can be found in either
`/proc/sys/net/ipv4/netfilter` or `/proc/sys/net/netfilter` and will be
prefixed with either `ip_` or `nf_`.  This plugin reads the files specified
in its configuration and publishes each one as a field, with the prefix
normalized to `ip_`.

In order to simplify configuration in a heterogeneous environment, a superset
of directory and filenames can be specified.  Any locations that don't exist
will be ignored.

For more information on conntrack-tools, see the
[Netfilter Documentation](http://conntrack-tools.netfilter.org/).

## Configuration

```toml @sample.conf
# Collects conntrack stats from the configured directories and files.
[[inputs.conntrack]]
  ## The following defaults would work with multiple versions of conntrack.
  ## Note the nf_ and ip_ filename prefixes are mutually exclusive across
  ## kernel versions, as are the directory locations.

  ## Superset of filenames to look for within the conntrack dirs.
  ## Missing files will be ignored.
  files = ["ip_conntrack_count","ip_conntrack_max",
          "nf_conntrack_count","nf_conntrack_max"]

  ## Directories to search within for the conntrack files above.
  ## Missing directories will be ignored.
  dirs = ["/proc/sys/net/ipv4/netfilter","/proc/sys/net/netfilter"]
  ## all - aggregated statistics
  ## percpu - include detailed statistics with cpu tag
  collect = ["all", "percpu"]
```

## Metrics

A detailed explanation of each fields can be found in [kernel documentation](
https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt).

- conntrack
  - `ip_conntrack_count` `(int, count)`: The number of entries in the conntrack table
  - `ip_conntrack_max` `(int, size)`: The max capacity of the conntrack table
  - `ip_conntrack_buckets`  `(int, size)`: The size of hash table.

With `collect = ["all"]`:

- `entries`: The number of entries in the conntrack table
- `searched`: The number of conntrack table lookups performed
- `found`: The number of searched entries which were successful
- `new`: The number of entries added which were not expected before
- `invalid`: The number of packets seen which can not be tracked
- `ignore`: The number of packets seen which are already connected to an entry
- `delete`: The number of entries which were removed
- `delete_list`: The number of entries which were put to dying list
- `insert`: The number of entries inserted into the list
- `insert_failed`: The number of insertion attempted but failed (same entry exists)
- `drop`: The number of packets dropped due to conntrack failure
- `early_drop`: The number of dropped entries to make room for new ones, if maxsize reached
- `icmp_error`: Subset of invalid. Packets that can't be tracked due to error
- `expect_new`: Entries added after an expectation was already present
- `expect_create`: Expectations added
- `expect_delete`: Expectations deleted
- `search_restart`: Conntrack table lookups restarted due to hashtable resizes

### Tags

With `collect = ["percpu"]` will include detailed statistics per CPU thread.

Without `"percpu"` the `cpu` tag will have `all` value.

## Example Output

```shell
$ ./telegraf --config telegraf.conf --input-filter conntrack --test
conntrack,host=myhost ip_conntrack_count=2,ip_conntrack_max=262144 1461620427667995735
```

with stats:

```shell
$ telegraf --config /etc/telegraf/telegraf.conf --input-filter conntrack --test
> conntrack,cpu=all,host=localhost delete=0i,delete_list=0i,drop=2i,early_drop=0i,entries=5568i,expect_create=0i,expect_delete=0i,expect_new=0i,found=7i,icmp_error=1962i,ignore=2586413402i,insert=0i,insert_failed=2i,invalid=46853i,new=0i,search_restart=453336i,searched=0i 1615233542000000000
> conntrack,host=localhost ip_conntrack_count=464,ip_conntrack_max=262144 1615233542000000000
```
fix(readmes): standarize first line of readmes (#7973) 2020-08-12 04:10:41 +08:00			`# Conntrack Input Plugin`
Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00
			`Collects stats from Netfilter's conntrack-tools.`

			`The conntrack-tools provide a mechanism for tracking various aspects of`
fix: markdown: resolve all markdown issues with a-c (#10169) 2021-11-25 02:55:55 +08:00			`network connections as they are processed by netfilter. At runtime,`
feat(inputs.conntrack): Parse conntrack stats (#8958) 2022-10-13 03:12:16 +08:00			conntrack exposes many of those connection statistics within `/proc/sys/net`.
Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00			`Depending on your kernel version, these files can be found in either`
feat(inputs.conntrack): Parse conntrack stats (#8958) 2022-10-13 03:12:16 +08:00			`/proc/sys/net/ipv4/netfilter` or `/proc/sys/net/netfilter` and will be
			prefixed with either `ip` or `nf`. This plugin reads the files specified
Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00			`in its configuration and publishes each one as a field, with the prefix`
fix: markdown: resolve all markdown issues with a-c (#10169) 2021-11-25 02:55:55 +08:00			`normalized to ip_.`
feat(inputs.conntrack): Parse conntrack stats (#8958) 2022-10-13 03:12:16 +08:00			conntrack exposes many of those connection statistics within `/proc/sys/net`.
			`Depending on your kernel version, these files can be found in either`
			`/proc/sys/net/ipv4/netfilter` or `/proc/sys/net/netfilter` and will be
			prefixed with either `ip_` or `nf_`. This plugin reads the files specified
			`in its configuration and publishes each one as a field, with the prefix`
			normalized to `ip_`.
Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00
			`In order to simplify configuration in a heterogeneous environment, a superset`
			`of directory and filenames can be specified. Any locations that don't exist`
			`will be ignored.`

fix: markdown: resolve all markdown issues with a-c (#10169) 2021-11-25 02:55:55 +08:00			`For more information on conntrack-tools, see the`
Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00			`[Netfilter Documentation](http://conntrack-tools.netfilter.org/).`

fix: markdown: resolve all markdown issues with a-c (#10169) 2021-11-25 02:55:55 +08:00			`## Configuration`
Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00
chore: Embed sample configurations into README for inputs (#11136) 2022-05-24 21:49:47 +08:00			```toml @sample.conf
chore(inputs): add descriptions to config in README.md (#10962) 2022-04-12 21:29:02 +08:00			`# Collects conntrack stats from the configured directories and files.`
			`[[inputs.conntrack]]`
			`## The following defaults would work with multiple versions of conntrack.`
			`## Note the nf_ and ip_ filename prefixes are mutually exclusive across`
			`## kernel versions, as are the directory locations.`

			`## Superset of filenames to look for within the conntrack dirs.`
			`## Missing files will be ignored.`
			`files = ["ip_conntrack_count","ip_conntrack_max",`
			`"nf_conntrack_count","nf_conntrack_max"]`

			`## Directories to search within for the conntrack files above.`
			`## Missing directories will be ignored.`
			`dirs = ["/proc/sys/net/ipv4/netfilter","/proc/sys/net/netfilter"]`
feat(inputs.conntrack): Parse conntrack stats (#8958) 2022-10-13 03:12:16 +08:00			`## all - aggregated statistics`
			`## percpu - include detailed statistics with cpu tag`
			`collect = ["all", "percpu"]`
Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00			```

chore: Fix readme linter errors for input plugins A-D (#10964) 2022-06-08 05:10:18 +08:00			`## Metrics`
Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00
feat(inputs.conntrack): Parse conntrack stats (#8958) 2022-10-13 03:12:16 +08:00			`A detailed explanation of each fields can be found in [kernel documentation](`
			`https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt).`

Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00			`- conntrack`
feat(inputs.conntrack): Parse conntrack stats (#8958) 2022-10-13 03:12:16 +08:00			- `ip_conntrack_count` `(int, count)`: The number of entries in the conntrack table
			- `ip_conntrack_max` `(int, size)`: The max capacity of the conntrack table
			- `ip_conntrack_buckets` `(int, size)`: The size of hash table.

			With `collect = ["all"]`:

			- `entries`: The number of entries in the conntrack table
			- `searched`: The number of conntrack table lookups performed
			- `found`: The number of searched entries which were successful
			- `new`: The number of entries added which were not expected before
			- `invalid`: The number of packets seen which can not be tracked
			- `ignore`: The number of packets seen which are already connected to an entry
			- `delete`: The number of entries which were removed
			- `delete_list`: The number of entries which were put to dying list
			- `insert`: The number of entries inserted into the list
			- `insert_failed`: The number of insertion attempted but failed (same entry exists)
			- `drop`: The number of packets dropped due to conntrack failure
			- `early_drop`: The number of dropped entries to make room for new ones, if maxsize reached
			- `icmp_error`: Subset of invalid. Packets that can't be tracked due to error
			- `expect_new`: Entries added after an expectation was already present
			- `expect_create`: Expectations added
			- `expect_delete`: Expectations deleted
			- `search_restart`: Conntrack table lookups restarted due to hashtable resizes
Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00
chore: Fix readme linter errors for input plugins A-D (#10964) 2022-06-08 05:10:18 +08:00			`### Tags`
Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00
feat(inputs.conntrack): Parse conntrack stats (#8958) 2022-10-13 03:12:16 +08:00			With `collect = ["percpu"]` will include detailed statistics per CPU thread.

			Without `"percpu"` the `cpu` tag will have `all` value.
Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00
fix: markdown: resolve all markdown issues with a-c (#10169) 2021-11-25 02:55:55 +08:00			`## Example Output`
Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00
fix: markdown: resolve all markdown issues with a-c (#10169) 2021-11-25 02:55:55 +08:00			```shell
Fix telegraf example arguments (#2788) Many of the examples provided within documentation are using a single dash for the command line arguments, but the telegraf executable explicitly has two dashes. There are also some inconsistencies with the ordering of the command line argument examples. I've ordered them so that the examples will show: config, config-directory, input-filter, test 2017-05-13 06:22:29 +08:00			`$ ./telegraf --config telegraf.conf --input-filter conntrack --test`
Adding a conntrack input plugin - Collects conntrack stats from the configured directories and files. Applying PR feedback: - Rebased onto master - Updated README/CHANGELOG - Limited lines to 80 chars - Improved plugin docs and README - added a dummy notlinux build file Fixed up CHANGELOG and README after rebase closes #1164 2016-03-30 12:39:50 +08:00			`conntrack,host=myhost ip_conntrack_count=2,ip_conntrack_max=262144 1461620427667995735`
			```
feat(inputs.conntrack): Parse conntrack stats (#8958) 2022-10-13 03:12:16 +08:00
			`with stats:`

			```shell
			`$ telegraf --config /etc/telegraf/telegraf.conf --input-filter conntrack --test`
			`> conntrack,cpu=all,host=localhost delete=0i,delete_list=0i,drop=2i,early_drop=0i,entries=5568i,expect_create=0i,expect_delete=0i,expect_new=0i,found=7i,icmp_error=1962i,ignore=2586413402i,insert=0i,insert_failed=2i,invalid=46853i,new=0i,search_restart=453336i,searched=0i 1615233542000000000`
			`> conntrack,host=localhost ip_conntrack_count=464,ip_conntrack_max=262144 1615233542000000000`
			```