Connection Tracking “Conntrack” Monitoring

Connection Tracking is a command line interface and a core feature for Linux kernel's networking stack. It is more flexible than /proc/net/ip_conntrack. With conntrack, you can show, delete and update existing state entries and listen to flow events.

Why use the Conntrack Telegraf Plugin?

The Conntrack Telegraf Plugin collects stats from Netfilter's conntrack-tools. Conntrack-tools provide a mechanism for tracking various network connections as they are processed by netfilter. At runtime, conntrack exposes many of those connection statistics within /proc/sys/net. Depending on your kernel version, these files can be found in either /proc/sys/net/ipv4/netfilter or /proc/sys/net/netfilter and will be prefixed with either ip_ or nf_. This Conntrack Telegraf Plugin reads the files specified in its configuration and publishes each one as a field, with the prefix normalized to ip_.

Since conntrack normally improves performance (reduced CPU and reduced packet latencies), you can use this Telegraf plugin in conjunction with the other Telegraf plugins that collect network and system metrics to get a complete picture of your application stack.

How to use the Conntrack Telegraf Plugin

In order to simplify configuration in a heterogeneous environment, a superset of directory and filenames can be specified. Any locations that don't exist will be ignored.

For more information on conntrack-tools, see the Netfilter Documentation.

Key Conntrack metrics to use for monitoring

Some of the important Conntrack metrics that you can proactively monitor include the:

  • number of entries in the conntrack table
  • max capacity of the conntrack table
For more information, please check out the documentation.

Project URL   Documentation

Related resources