nftables
Plugin: go.d.plugin Module: prometheus
Overview
Monitor nftables firewall metrics for efficient network security and management.
Metrics are gathered by periodically sending HTTP requests to nftables_exporter.
This collector is supported on all platforms.
This collector supports collecting metrics from multiple instances of this integration, including remote instances.
Default Behavior
Auto-Detection
By default, it detects instances running on the local host by trying to connect to known ports that are allocated to exporters. The full list of endpoints is available in the collector's configuration file.
Limits
The default configuration for this integration does not impose any limits on data collection.
Performance Impact
The default configuration for this integration is not expected to impose a significant performance impact on the system.
Metrics
This collector has built-in grouping logic based on the type of metrics.
Metric | Chart | Dimension(s) | Algorithm |
---|---|---|---|
Gauge | for each label set | one, the metric name | absolute |
Counter | for each label set | one, the metric name | incremental |
Summary (quantiles) | for each label set (excluding 'quantile') | for each quantile | absolute |
Summary (sum and count) | for each label set | the metric name | incremental |
Histogram (buckets) | for each label set (excluding 'le') | for each bucket | incremental |
Histogram (sum and count) | for each label set | the metric name | incremental |
Untyped metrics (have no '# TYPE') processing:
- As Counter or Gauge depending on pattern match when 'fallback_type' is used.
- As Counter if it has suffix '_total'.
- As Summary if it has 'quantile' label.
- As Histogram if it has 'le' label.
The rest are ignored.
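The rules above for metrics without a '# TYPE' line, as an added Go example that is not code from go.d.plugin or from the original page. It assumes the rules are tried in the order listed, with counter patterns before gauge patterns, and uses Go's path.Match for the shell file name patterns; `FallbackType`, `ClassifyUntyped` and the metric names are constructed for illustration.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// FallbackType mirrors the fallback_type option: shell file name patterns per type.
// Hypothetical type, not the collector's own.
type FallbackType struct{ Counter, Gauge []string }

func matchAny(patterns []string, name string) bool {
	for _, p := range patterns {
		if ok, err := path.Match(p, name); err == nil && ok {
			return true
		}
	}
	return false
}

// ClassifyUntyped decides how a metric without a "# TYPE" line is processed.
// Assumption: rules are tried in the order the page lists them, and counter
// patterns are tried before gauge patterns.
func ClassifyUntyped(name string, labels map[string]string, fb FallbackType) string {
	if matchAny(fb.Counter, name) {
		return "counter"
	}
	if matchAny(fb.Gauge, name) {
		return "gauge"
	}
	if strings.HasSuffix(name, "_total") {
		return "counter"
	}
	if _, ok := labels["quantile"]; ok {
		return "summary"
	}
	if _, ok := labels["le"]; ok {
		return "histogram"
	}
	return "ignored"
}

func main() {
	// Constructed metric names; the real exporter's names may differ.
	fb := FallbackType{Gauge: []string{"nftables_*_rules"}}
	fmt.Println(ClassifyUntyped("nftables_chain_rules", nil, fb))             // matched by fallback_type
	fmt.Println(ClassifyUntyped("nftables_chain_rules", nil, FallbackType{})) // dropped without it
	fmt.Println(ClassifyUntyped("nftables_rule_packets_total", nil, fb))
}
```

An untyped gauge that matches no fallback_type pattern is dropped without any chart, so a missing firewall metric is worth checking against these rules first.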
Alerts
There are no alerts configured by default for this integration.
Setup
Prerequisites
Install Exporter
Install nftables_exporter by following the instructions mentioned in the exporter README.
Configuration
File
The configuration file name for this integration is go.d/prometheus.conf.
You can edit the configuration file using the edit-config script from the Netdata config directory.
cd /etc/netdata 2>/dev/null || cd /opt/netdata/etc/netdata
sudo ./edit-config go.d/prometheus.conf
Options
The following options can be defined globally: update_every, autodetection_retry.
Config options
Name | Description | Default | Required |
---|---|---|---|
update_every | Data collection frequency. | 10 | no |
autodetection_retry | Recheck interval in seconds. Zero means no recheck will be scheduled. | 0 | no |
url | Server URL. |  | yes |
selector | Time series selector (filter). |  | no |
fallback_type | Process Untyped metrics as Counter or Gauge instead of ignoring them. |  | no |
max_time_series | Global time series limit. If an endpoint returns number of time series > limit the data is not processed. | 2000 | no |
max_time_series_per_metric | Time series per metric (metric name) limit. Metrics with number of time series > limit are skipped. | 200 | no |
timeout | HTTP request timeout. | 10 | no |
username | Username for basic HTTP authentication. |  | no |
password | Password for basic HTTP authentication. |  | no |
proxy_url | Proxy URL. |  | no |
proxy_username | Username for proxy basic HTTP authentication. |  | no |
proxy_password | Password for proxy basic HTTP authentication. |  | no |
method | HTTP request method. | GET | no |
body | HTTP request body. |  | no |
headers | HTTP request headers. |  | no |
not_follow_redirects | Redirect handling policy. Controls whether the client follows redirects. | no | no |
tls_skip_verify | Server certificate chain and hostname validation policy. Controls whether the client performs this check. | no | no |
tls_ca | Certification authority that the client uses when verifying the server's certificates. |  | no |
tls_cert | Client TLS certificate. |  | no |
tls_key | Client TLS key. |  | no |
selector
This option allows you to filter out unwanted time series. Only metrics matching the selector will be collected.
- Logic: (pattern1 OR pattern2) AND !(pattern3 or pattern4)
- Pattern syntax: selector.
- Option syntax:
selector:
  allow:
    - pattern1
    - pattern2
  deny:
    - pattern3
    - pattern4
fallback_type
This option allows you to process Untyped metrics as Counter or Gauge instead of ignoring them.
- Metric name pattern syntax: shell file name pattern.
- Option syntax:
fallback_type:
  counter:
    - metric_name_pattern1
    - metric_name_pattern2
  gauge:
    - metric_name_pattern3
    - metric_name_pattern4
Examples
Basic
Note: Change the port of the monitored application on which it provides metrics.
A basic example configuration.
jobs:
  - name: local
    url: http://127.0.0.1:9090/metrics
Read metrics from a file
An example configuration to read metrics from a file.
Config
# use "file://" scheme
jobs:
  - name: myapp
    url: file:///opt/metrics/myapp/metrics.txt
HTTP authentication
Note: Change the port of the monitored application on which it provides metrics.
Basic HTTP authentication.
Config
jobs:
  - name: local
    url: http://127.0.0.1:9090/metrics
    username: username
    password: password
HTTPS with self-signed certificate
Note: Change the port of the monitored application on which it provides metrics.
Do not validate server certificate chain and hostname.
Config
jobs:
  - name: local
    url: https://127.0.0.1:9090/metrics
    tls_skip_verify: yes
Multi-instance
Note: When you define multiple jobs, their names must be unique.
Note: Change the port of the monitored application on which it provides metrics.
Collecting metrics from local and remote instances.
Config
jobs:
  - name: local
    url: http://127.0.0.1:9090/metrics
  - name: remote
    url: http://192.0.2.1:9090/metrics
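An added check, not part of the original page or of Netdata, that flags job settings like those in the examples above when they weaken the scrape channel: tls_skip_verify, and plain HTTP (with or without basic auth) to a non-loopback host. The `Job` struct, `AuditJob` and the finding texts are hypothetical, and the sample jobs are constructed from the examples.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// Job holds the job options from go.d/prometheus.conf that this check reads.
// Hypothetical type for illustration, not the collector's own config struct.
type Job struct {
	Name, URL, Username string
	TLSSkipVerify       bool
}

const (
	SkipVerify = "tls_skip_verify is on: certificate chain and hostname are not validated; use tls_ca"
	PlainHTTP  = "plain HTTP to a non-loopback host: metrics are unencrypted in transit"
	PlainCreds = "basic auth credentials sent over plain HTTP to a non-loopback host"
)

func isLoopback(host string) bool {
	ip := net.ParseIP(host)
	return host == "localhost" || (ip != nil && ip.IsLoopback())
}

// AuditJob returns one finding per setting that weakens the scrape channel.
func AuditJob(j Job) []string {
	var out []string
	u, err := url.Parse(j.URL)
	if err != nil {
		return []string{"unparsable url: " + err.Error()}
	}
	if j.TLSSkipVerify {
		out = append(out, SkipVerify)
	}
	if u.Scheme == "http" && !isLoopback(u.Hostname()) {
		out = append(out, PlainHTTP)
		if j.Username != "" {
			out = append(out, PlainCreds)
		}
	}
	return out
}

func main() {
	// Constructed jobs modelled on the examples above.
	jobs := []Job{
		{Name: "local", URL: "https://127.0.0.1:9090/metrics", TLSSkipVerify: true},
		{Name: "remote", URL: "http://192.0.2.1:9090/metrics", Username: "username"},
	}
	for _, j := range jobs {
		fmt.Println(j.Name, AuditJob(j))
	}
}
```

For an exporter with a self-signed certificate, pointing tls_ca at that certificate keeps validation on where tls_skip_verify turns it off.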
Troubleshooting
Debug Mode
To troubleshoot issues with the prometheus collector, run the go.d.plugin with the debug option enabled. The output should give you clues as to why the collector isn't working.
- Navigate to the plugins.d directory, usually at /usr/libexec/netdata/plugins.d/. If that's not the case on your system, open netdata.conf and look for the plugins setting under [directories].
  cd /usr/libexec/netdata/plugins.d/
- Switch to the netdata user.
  sudo -u netdata -s
- Run the go.d.plugin to debug the collector:
  ./go.d.plugin -d -m prometheus