telegraf/plugins/inputs/synproxy/README.md

# Synproxy Input Plugin

The synproxy plugin gathers the synproxy counters. Synproxy is a Linux netfilter
module used for SYN attack mitigation.  The use of synproxy is documented in
`man iptables-extensions` under the SYNPROXY section.

## Global configuration options <!-- @/docs/includes/plugin_config.md -->

In addition to the plugin-specific configuration settings, plugins support
additional global and plugin configuration settings. These settings are used to
modify metrics, tags, and field or create aliases and configure ordering, etc.
See the [CONFIGURATION.md][CONFIGURATION.md] for more details.

[CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins

## Configuration

```toml @sample.conf
# Get synproxy counter statistics from procfs
# This plugin ONLY supports Linux
[[inputs.synproxy]]
  # no configuration
```

The synproxy plugin does not need any configuration

## Metrics

The following synproxy counters are gathered

- synproxy
  - fields:
    - cookie_invalid (uint32, packets, counter) - Invalid cookies
    - cookie_retrans (uint32, packets, counter) - Cookies retransmitted
    - cookie_valid (uint32, packets, counter) - Valid cookies
    - entries (uint32, packets, counter) - Entries
    - syn_received (uint32, packets, counter) - SYN received
    - conn_reopened (uint32, packets, counter) - Connections reopened

## Sample Queries

Get the number of packets per 5 minutes for the measurement in the last hour
from InfluxDB:

```sql
SELECT difference(last("cookie_invalid")) AS "cookie_invalid", difference(last("cookie_retrans")) AS "cookie_retrans", difference(last("cookie_valid")) AS "cookie_valid", difference(last("entries")) AS "entries", difference(last("syn_received")) AS "syn_received", difference(last("conn_reopened")) AS "conn_reopened" FROM synproxy WHERE time > NOW() - 1h GROUP BY time(5m) FILL(null);
```

## Troubleshooting

Execute the following CLI command in Linux to test the synproxy counters:

```sh
cat /proc/net/stat/synproxy
```

## Example Output

This section shows example output in Line Protocol format.

```text
synproxy,host=Filter-GW01,rack=filter-node1 conn_reopened=0i,cookie_invalid=235i,cookie_retrans=0i,cookie_valid=8814i,entries=0i,syn_received=8742i 1549550634000000000
```
Add synproxy input plugin (#5683) 2019-11-22 03:26:59 +08:00			`# Synproxy Input Plugin`

chore: Fix readme linter errors for input plugins M-Z (#11274) 2022-06-09 05:22:56 +08:00			`The synproxy plugin gathers the synproxy counters. Synproxy is a Linux netfilter`
			`module used for SYN attack mitigation. The use of synproxy is documented in`
			`man iptables-extensions` under the SYNPROXY section.
Add synproxy input plugin (#5683) 2019-11-22 03:26:59 +08:00
docs: add global configuration header (#12107) 2022-10-27 03:58:36 +08:00			`## Global configuration options <!-- @/docs/includes/plugin_config.md -->`

			`In addition to the plugin-specific configuration settings, plugins support`
			`additional global and plugin configuration settings. These settings are used to`
			`modify metrics, tags, and field or create aliases and configure ordering, etc.`
			`See the [CONFIGURATION.md][CONFIGURATION.md] for more details.`

feat(tools/readme_linter): Check for global configuration section (#12426) 2023-01-12 23:55:21 +08:00			`[CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins`
docs: add global configuration header (#12107) 2022-10-27 03:58:36 +08:00
chore: clean up all errors for markdown lint input plugins s through v (#10167) 2021-11-25 02:50:13 +08:00			`## Configuration`
Add synproxy input plugin (#5683) 2019-11-22 03:26:59 +08:00
chore: Embed sample configurations into README for inputs (#11136) 2022-05-24 21:49:47 +08:00			```toml @sample.conf
feat: migrate input plugins to new sample config format (M-Z) (#10926) 2022-04-12 05:32:25 +08:00			`# Get synproxy counter statistics from procfs`
chore: Specify distro support (part 3) (#12792) 2023-03-06 19:18:43 +08:00			`# This plugin ONLY supports Linux`
Add synproxy input plugin (#5683) 2019-11-22 03:26:59 +08:00			`[[inputs.synproxy]]`
			`# no configuration`
			```

chore: Fix readme linter errors for input plugins M-Z (#11274) 2022-06-09 05:22:56 +08:00			`The synproxy plugin does not need any configuration`

chore: clean up all errors for markdown lint input plugins s through v (#10167) 2021-11-25 02:50:13 +08:00			`## Metrics`
Add synproxy input plugin (#5683) 2019-11-22 03:26:59 +08:00
			`The following synproxy counters are gathered`

			`- synproxy`
			`- fields:`
			`- cookie_invalid (uint32, packets, counter) - Invalid cookies`
			`- cookie_retrans (uint32, packets, counter) - Cookies retransmitted`
			`- cookie_valid (uint32, packets, counter) - Valid cookies`
			`- entries (uint32, packets, counter) - Entries`
			`- syn_received (uint32, packets, counter) - SYN received`
			`- conn_reopened (uint32, packets, counter) - Connections reopened`

chore: clean up all errors for markdown lint input plugins s through v (#10167) 2021-11-25 02:50:13 +08:00			`## Sample Queries`
Add synproxy input plugin (#5683) 2019-11-22 03:26:59 +08:00
chore: Fix readme linter errors for input plugins M-Z (#11274) 2022-06-09 05:22:56 +08:00			`Get the number of packets per 5 minutes for the measurement in the last hour`
			`from InfluxDB:`
chore: clean up all errors for markdown lint input plugins s through v (#10167) 2021-11-25 02:50:13 +08:00
fix(readmes): adding code block annotations (#7963) 2020-08-11 03:50:48 +08:00			```sql
Add synproxy input plugin (#5683) 2019-11-22 03:26:59 +08:00			`SELECT difference(last("cookie_invalid")) AS "cookie_invalid", difference(last("cookie_retrans")) AS "cookie_retrans", difference(last("cookie_valid")) AS "cookie_valid", difference(last("entries")) AS "entries", difference(last("syn_received")) AS "syn_received", difference(last("conn_reopened")) AS "conn_reopened" FROM synproxy WHERE time > NOW() - 1h GROUP BY time(5m) FILL(null);`
			```

chore: clean up all errors for markdown lint input plugins s through v (#10167) 2021-11-25 02:50:13 +08:00			`## Troubleshooting`
Add synproxy input plugin (#5683) 2019-11-22 03:26:59 +08:00
			`Execute the following CLI command in Linux to test the synproxy counters:`
chore: clean up all errors for markdown lint input plugins s through v (#10167) 2021-11-25 02:50:13 +08:00
fix(readmes): adding code block annotations (#7963) 2020-08-11 03:50:48 +08:00			```sh
Add synproxy input plugin (#5683) 2019-11-22 03:26:59 +08:00			`cat /proc/net/stat/synproxy`
			```

chore: clean up all errors for markdown lint input plugins s through v (#10167) 2021-11-25 02:50:13 +08:00			`## Example Output`
Add synproxy input plugin (#5683) 2019-11-22 03:26:59 +08:00
			`This section shows example output in Line Protocol format.`

chore: Update README.md (#12989) 2023-04-04 19:43:49 +08:00			```text
Add synproxy input plugin (#5683) 2019-11-22 03:26:59 +08:00			`synproxy,host=Filter-GW01,rack=filter-node1 conn_reopened=0i,cookie_invalid=235i,cookie_retrans=0i,cookie_valid=8814i,entries=0i,syn_received=8742i 1549550634000000000`
			```