PF Monitoring

PF (Packet Filter) is a BSD stateful packet filter that is critical for firewalling.

Why use the PF Telegraf plugin?

The pf plugin gathers information from the FreeBSD/OpenBSD pf firewall. It retrieves information about the state table, including the number of current entries in the table, and counters for the number of searches, inserts, and removals to the table.

The metrics collected by the PF plugin help you understand network traffic. They can also help determine whether any resources are clogging your network and whether that is accidental or intentional. Use the PF plugin with other network monitoring Telegraf plugins, such as Network Resources, Fail2Ban, DNS Query, and Ethtool, to get more granular network data, including IP-level information.

How to monitor PF using the Telegraf plugin

The PF plugin retrieves state table information by invoking the pfstat command.

Key PF Metrics to use for monitoring

Some of the important PF metrics that you should proactively monitor include:

  • entries
  • searches
  • inserts
  • removals
  • match
  • bad-offset
  • fragment
  • short
  • normalize
  • memory
  • bad-timestamp
  • congestion
  • ip-option
  • proto-cksum
  • state-mismatch
  • state-insert
  • state-limit
  • src-limit
  • synproxy
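
One way to act on the counters listed above is sketched below. It is an added example, not code from Telegraf or the plugin: it compares two samples of the pf measurement in Telegraf's line protocol output and reports limit counters that moved, plus a state insert rate above a ceiling. The sample lines, the watch list, and the threshold are constructed assumptions.

```python
# Added example: flag suspicious movement in pf counters between two samples.
# Sample lines are constructed; the watch list and threshold are assumptions.

# Counters from the list above that normally stay flat (assumed alert set).
WATCH = ("congestion", "state-limit", "src-limit", "state-mismatch", "memory")
MAX_INSERT_RATE = 500.0  # assumed ceiling for new states per second


def parse_pf_line(line):
    """Parse one line-protocol record of 'pf' into (timestamp_ns, fields)."""
    head, field_part, ts = line.strip().rsplit(" ", 2)
    if head.split(",", 1)[0] != "pf":
        raise ValueError("not a pf measurement: " + head)
    fields = {}
    for pair in field_part.split(","):
        key, value = pair.split("=", 1)
        fields[key] = int(value.rstrip("i"))  # integer fields end in 'i'
    return int(ts), fields


def check_interval(prev_line, cur_line):
    """Return findings for the interval between two samples."""
    t0, a = parse_pf_line(prev_line)
    t1, b = parse_pf_line(cur_line)
    dt = (t1 - t0) / 1e9  # nanoseconds to seconds
    if dt <= 0:
        raise ValueError("samples out of order")
    findings = []
    for name in WATCH:
        delta = b.get(name, 0) - a.get(name, 0)
        if delta < 0:
            findings.append(f"{name}: counter went backwards (pf reset?)")
        elif delta > 0:
            findings.append(f"{name}: +{delta} in {dt:.0f}s")
    rate = (b.get("inserts", 0) - a.get("inserts", 0)) / dt
    if rate > MAX_INSERT_RATE:
        findings.append(f"inserts: {rate:.0f}/s exceeds {MAX_INSERT_RATE:.0f}/s")
    return findings


# Constructed samples taken 10 seconds apart.
PREV = ("pf,host=fw1 entries=900i,searches=50000i,inserts=4000i,removals=3100i,"
        "congestion=0i,state-limit=0i,src-limit=2i,state-mismatch=7i,memory=0i "
        "1700000000000000000")
CUR = ("pf,host=fw1 entries=9800i,searches=91000i,inserts=13000i,removals=3200i,"
       "congestion=0i,state-limit=35i,src-limit=2i,state-mismatch=7i,memory=0i "
       "1700000010000000000")

if __name__ == "__main__":
    for finding in check_interval(PREV, CUR):
        print(finding)
```

A fast-growing state table together with a rising state-limit counter is a signal to look at which sources are creating the states, which is where the IP-level plugins mentioned earlier come in.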

For more information, please check out the documentation.
