Connection tracking (“conntrack”) is a core feature of the Linux kernel’s networking stack that tracks the logical network connections or flows. This enables stateful packet inspection for iptables so you can identify all of the packets which make up each flow. Specifically, conntrack is a command line interface for the connection tracking system and is more flexible than
/proc/net/ip_conntrack. With conntrack, you can show, delete and update existing state entries and listen to flow events.
Why use the Conntrack Telegraf Plugin?
The Conntrack Telegraf Plugin collects stats from Netfilter's conntrack-tools. Conntrack-tools provide a mechanism for tracking various network connections as they are processed by netfilter. At runtime, conntrack exposes many of those connection statistics within
/proc/sys/net. Depending on your kernel version, these files can be found in either
/proc/sys/net/netfilter and will be prefixed with either
ip_ or nf_. This Conntrack Telegraf Plugin reads the files specified in its configuration and publishes each one as a field, with the prefix normalized to
Since conntrack normally improves performance (reduced CPU and reduced packet latencies), you can use this Telegraf plugin in conjunction with the other Telegraf plugins that collect network and system metrics to get a complete picture of your application stack.
How to use the Conntrack Telegraf Plugin
In order to simplify configuration in a heterogeneous environment, a superset of directory and filenames can be specified. Any locations that don't exist will be ignored.
For more information on conntrack-tools, see the Netfilter Documentation.
Key Conntrack metrics to use for monitoring
Some of the important Conntrack metrics that you can proactively monitor include the:
- number of entries in the conntrack table
- max capacity of the conntrack table