influxdata/telegraf

Inputs PF should provide rule specific information

Open

#8,786 opened on Feb 2, 2021

View on GitHub
 (1 comment) (0 reactions) (0 assignees)Go (9,892 stars) (4,161 forks)batch import
area/iotfeature requesthelp wantedsize/m

Description

Currently the PF input plugin only provides PF overall stats.

It would be great to have an option to also collect the output of 'pfctl -v -s rules' which are per rule statics.

(Example)

pass in log quick on vmx5 inet proto udp from <metergw> to <DiscovergyNTP> port = ntp keep state label "aaf67e315d4f23fcfd11353735e8a90b"
  [ Evaluations: 14733     Packets: 148       Bytes: 11248       States: 0     ]

I would be good to collect the (label,Evaluations,Packets,Bytes,States) tuple.

The data enables monitoring of specific communications. In my specific use case I want to see whether specific IoT devices are up (have States>0), are continously interchanging data (Packet counter steadily increasing over time).

Contributor guide

Tech stack
go
Domain
observability
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
3-5 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
fresh
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
Go programmingUnderstanding of Telegraf input pluginsBasic knowledge of PF firewall
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
50
Research direction
The issue requests adding an option to the PF input plugin to collect per rule statistics from `pfctl v s rules`. Start by examining the existing PF plugin code at `plugins/inputs/pf/` to understand the current structure. Create a new configuration option (e.g., `collect rule stats`) that defaults to false. When enabled, execute `pfctl v s rules` and parse the output to extract label, evaluations, packets, bytes, and states for each rule. Emit these as tagged metrics (with rule label as a tag). The challenge is parsing the command output reliably across different BSD versions. Reference similar plugins that run external commands, like the 'exec' input plugin, for patterns.