diff --git a/README.md b/README.md index 542cd53..7a01d1f 100644 --- a/README.md +++ b/README.md @@ -1,26 +1,3 @@ -# Heads up! -In the recent commits I updated the telegraf config to use the [Tails Input Plugin](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/tail) in place of the [Logparser Input Plugin](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/logparser) since it's been deprecated. - -I renamed many of the columns to reflect [what's being logged by pfBlockerNG-devel](https://github.com/pfsense/FreeBSD-ports/blob/232722ac52edaeede58b551e7e2efb690ce1023d/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L4597). As a result, the measurements ip_block_log and dnsbl_log have been replaced with tail_ipblock and tail_dnsbl respectively. - -I dropped the old measurements - - bash-4.4# influx - Connected to http://localhost:8086 version 1.8.3 - InfluxDB shell version: 1.8.3 - > auth - username: admin - password: - > use pfsense - Using database pfsense - > drop measurement ip_block_log - > drop measurement dnsbl_log - -If you cannot live without this data, you could use the panels [from this commit](https://github.com/VictorRobellini/pfSense-Dashboard/blob/0df10172506242105891a81f5076019b5a5867b0/pfSense-Grafana-Dashboard.json) and not update the config. Read my note about the Logparser Input Plugin above! - -You could convert the Logparser config to Tail (read the Logparser docs - it looks simple). I wanted to go the csv route and add an index or two. -I'm sure you can even rename the measurements, columns and update the tags, but that's beyond my influx capabilities. - ## What's Monitored - Active Users - Uptime 
@@ -47,6 +24,36 @@ I'm sure you can even rename the measurements, columns and update the tags, but Grafana 7.4.3 Influxdb 1.8.3 +## Heads up! +In the recent commits I updated the telegraf config to use the [Tails Input Plugin](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/tail) in place of the [Logparser Input Plugin](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/logparser) since it's been deprecated. + +I renamed many of the columns to reflect [what's being logged by pfBlockerNG-devel](https://github.com/pfsense/FreeBSD-ports/blob/232722ac52edaeede58b551e7e2efb690ce1023d/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L4597) and fixed some parsing bugs that cause lines to be skipped due to inconsistent log formatting. As a result, the measurements ip_block_log and dnsbl_log have been replaced with tail_ip_block_log and tail_dnsbl_log respectively. + +I dropped the old measurements + + bash-4.4# influx + Connected to http://localhost:8086 version 1.8.3 + InfluxDB shell version: 1.8.3 + > auth + username: admin + password: + > use pfsense + Using database pfsense + > drop measurement ip_block_log + > drop measurement dnsbl_log + +If you cannot live without this data, you could use the panels [from this commit](https://github.com/VictorRobellini/pfSense-Dashboard/blob/0df10172506242105891a81f5076019b5a5867b0/pfSense-Grafana-Dashboard.json) and not update the config. Read my note about the Logparser Input Plugin above! + +If you want to load the complete logs files, you could probably change the telegraf config to: + +from_beginning = false + +to + +from_beginning = true + +I'm sure you can even rename the measurements, columns and update the tags, but that's beyond my influx capabilities. + ### docker-compose example with persistent storage ##### I've recently migrated my stack to Kubernetes, the image versions are updated but the docker-compose is untested. ```docker-compose 
@@ -150,7 +157,7 @@ To troubleshoot plugins further, add the following lines to the agent block in / logfile = "/var/log/telegraf/telegraf.log" #### Restarting Telegraf - # ps -aux | grep -i telegraf + # ps aux | grep '[t]elegraf.conf' # kill -HUP Now go read /var/log/telegraf/telegraf.log @@ -183,12 +190,13 @@ When in doubt, run a few queries to see if the data you are looking for is being interface mem net + netstat pf processes swap system - tail_dnsbl - tail_ipblock + tail_dnsbl_log + tail_ip_block_log temperature > select * from system limit 20 name: system
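Review bot: In the @@ -1,26 +1,3 @@ hunk, removing the "Heads up!" notice from the top of the README puts a breaking change (renamed measurements, dropped ip_block_log and dnsbl_log data) below the Grafana/Influxdb version list, where someone upgrading an existing install is less likely to read it before applying the new config. Consider leaving a one-line pointer at the top that links to the relocated section.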
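Review bot: In the @@ -47,6 +24,36 @@ hunk, the drop commands cover only ip_block_log and dnsbl_log, but the text this patch removes named the replacements as tail_ipblock and tail_dnsbl, while the new text names tail_ip_block_log and tail_dnsbl_log. Anyone who followed the earlier README is left with tail_ipblock and tail_dnsbl measurements that nothing here mentions; add them to the cleanup steps or state that they are superseded. In the same hunk, the two from_beginning lines are not indented like the influx session above them, so they will render as body text rather than code, and "Tails Input Plugin" and "logs files" should read "Tail Input Plugin" and "log files".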
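Review bot: In the @@ -150,7 +157,7 @@ hunk, the new pattern '[t]elegraf.conf' lists only a process whose command line contains the config file name, so a telegraf started without that path on its command line returns nothing and the reader has no PID for the next step. The unescaped dot also matches any character; '[t]elegraf\.conf' is tighter. The context line that follows, "# kill -HUP", shows no PID argument as it stands, so say explicitly that the PID from the ps output goes there.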
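Review bot: In the @@ -183,12 +190,13 @@ hunk, netstat is added to the expected measurement list, but the visible part of this patch changes only README.md and does not say which telegraf input produces it. A reader comparing their own output against this list cannot tell whether a missing netstat means a stale config or a fault; name the input or config change that introduces it alongside the renamed tail_dnsbl_log and tail_ip_block_log entries.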