Ipset Monitoring

ipset is a companion application for the iptables Linux firewall that lets you set up rules to block a set of IP addresses and, for sets created with the "counters" option, track packet and byte counts per entry.

Why use the Ipset Telegraf Plugin?

The Ipset Telegraf Plugin gathers packet and byte counters that you can track over time to spot patterns and determine whether block rules are warranted. You can also use it with other Telegraf plugins, such as the Fail2ban Telegraf Plugin, to get a more comprehensive view of your traffic.

How to monitor packets and bytes using the Ipset Telegraf plugin

The Ipset Telegraf plugin gathers packet and byte counters from Linux ipset. It uses the output of the command "ipset save". Ipsets created without the "counters" option are ignored.

The results are tagged with:

  • ipset name
  • ipset entry
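
The parsing described above, as an added Go example (not Telegraf's own code): it reads `ipset save` text, keeps only entries of sets created with "counters", and tags each reading with set name and entry. The sample output, the `Counter` type and `ParseSave` are constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Counter is one reading, tagged with ipset name and entry as the page describes.
type Counter struct {
	Set, Entry     string
	Packets, Bytes uint64
}

// Constructed sample of `ipset save` output (not captured from a real host).
const sample = `create blocklist hash:ip family inet hashsize 1024 maxelem 65536 counters
add blocklist 203.0.113.7 packets 42 bytes 2520
add blocklist 198.51.100.9 packets 0 bytes 0
create allowlist hash:net family inet hashsize 1024 maxelem 65536 comment
add allowlist 192.0.2.0/24 comment "packets 5 bytes 6"
`

var createRe = regexp.MustCompile(`(?m)^create (\S+) \S+ .*\bcounters\b`)
var addRe = regexp.MustCompile(`(?m)^add (\S+) (\S+) .*?\bpackets (\d+) bytes (\d+)`)

// ParseSave returns one Counter per entry; entries of sets created without
// the "counters" option are skipped, even if a comment imitates counter fields.
func ParseSave(out string) ([]Counter, error) {
	withCounters := map[string]bool{}
	for _, m := range createRe.FindAllStringSubmatch(out, -1) {
		withCounters[m[1]] = true
	}
	var res []Counter
	for _, m := range addRe.FindAllStringSubmatch(out, -1) {
		if !withCounters[m[1]] {
			continue
		}
		p, err1 := strconv.ParseUint(m[3], 10, 64)
		b, err2 := strconv.ParseUint(m[4], 10, 64)
		if err1 != nil || err2 != nil {
			return nil, fmt.Errorf("set %s entry %s: counter out of range", m[1], m[2])
		}
		res = append(res, Counter{Set: m[1], Entry: m[2], Packets: p, Bytes: b})
	}
	return res, nil
}

func main() {
	fmt.Println(ParseSave(sample))
}
```

The allowlist entry is dropped because its set was created without "counters", although its comment text looks like counter fields.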

In addition, there are 3 ways to grant Telegraf the right to run ipset:

  • Run as root (strongly discouraged).
  • Use sudo.
  • Configure systemd to run Telegraf with the CAP_NET_ADMIN and CAP_NET_RAW capabilities.

Key Ipset metrics to use for monitoring

Some of the important Ipset metrics that you should proactively monitor include:

  • Total bytes
  • Total packets

For more information, please check out the documentation.
