We are doing something else with iptables logging which feeds into another system. Turning on this level of ICMP logging would break that; I tried it briefly.

On Fri, Oct 21, 2016 at 6:11 AM, Lee Hardy <[email protected]> wrote:

> Have you considered doing this through the iptables plugin?
>
> If you have a series of iptables rules for ICMP and you mark them with
> comments (e.g. if your rules were something like: iptables -A INPUT -p icmp
> -s 0/0 -d 0/0 --icmp-type 8 -m comment --comment ICMP-PING), you could then
> use the iptables collectd plugin to match on the comment "ICMP-PING" and
> get the stats that way?
>
> Cheers,
> Lee H
>
> On 20 October 2016 at 20:27, Steve Wray <[email protected]> wrote:
>
>> I've been trying this out but had limited success.
>>
>> At first I had a configuration like this:
>>
>> <Plugin "tail">
>>   <File "/var/log/icmpinfo/icmpinfo.log">
>>     Instance "icmpinfo"
>>     <Match>
>>       Regex "ICMP_Echo"
>>       DSType "CounterInc"
>>       Type "counter"
>>       Instance "ICMP_Echo"
>>     </Match>
>>   </File>
>> </Plugin>
>>
>> but I started to find that the values were going off the charts over
>> time; it started off looking good but after a few days the values were in
>> the quadrillions and clearly wrong.
>>
>> I saw this example:
>>
>> <File "/var/log/nginx/nginx-error.log">
>>   Instance "nginx"
>>   <Match>
>>     Regex "\\(61: Connection refused\\)"
>>     DSType "DeriveInc"
>>     Type "derive"
>>     Instance "err_502"
>>   </Match>
>>   <Match>
>>     Regex "\\(60: Operation timed out\\)"
>>     DSType "DeriveInc"
>>     Type "derive"
>>     Instance "err_504"
>>   </Match>
>> </File>
>>
>> and based a config on this as so:
>>
>> <Plugin "tail">
>>   <File "/var/log/icmpinfo/icmpinfo.log">
>>     Instance "icmpinfo"
>>     <Match>
>>       Regex "ICMP_Echo"
>>       DSType "DeriveInc"
>>       Type "derive"
>>       Instance "ICMP_Echo"
>>     </Match>
>>   </File>
>> </Plugin>
>>
>> but this isn't producing any data at all!
>>
>> Could you share your collectd config?
>>
>> Thanks!
>>
>> On Thu, Oct 13, 2016 at 11:25 AM, Eric Horst <[email protected]> wrote:
>>
>>> I run icmpinfo as a daemon to syslog icmp statistics periodically
>>> where they are more easily picked up for metrics and attacks. Glancing
>>> at the source it seems that I modified it to only log messages that I
>>> care about. I also see that I made the mods in August of 1999 so not
>>> surprising it isn't fresh in my mind. The modified icmpinfo still
>>> works great after all these years.
>>>
>>> -Eric
>>>
>>> On Thu, Oct 13, 2016 at 10:20 AM, Steve Wray <[email protected]> wrote:
>>> > Hi,
>>> > I'm currently getting several system statistics via collectd and feeding
>>> > this into graphite/grafana.
>>> >
>>> > I have a need to collect and graph data on ICMP traffic specifically.
>>> >
>>> > Can anyone suggest a way to do this (in Linux)?
>>> >
>>> > Thanks
>>> >
>>> > _______________________________________________
>>> > collectd mailing list
>>> > [email protected]
>>> > https://mailman.verplant.org/listinfo/collectd
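
The per-rule counters behind the comment-tagged rules Lee Hardy describes can be read without any LOG target. The following is an added example, not code from the thread or from collectd: it parses constructed `iptables-save -c` output and renders per-comment packet and byte counts as collectd plain-text PUTVAL lines. The host name, interval and sample counters are assumptions.

```python
import re
import shlex

# Constructed sample of `iptables-save -c` output; the counters are made up.
SAMPLE = """\
*filter
:INPUT ACCEPT [1200:96000]
[42:3528] -A INPUT -p icmp -m icmp --icmp-type 8 -m comment --comment ICMP-PING
[3:252] -A INPUT -p icmp -m icmp --icmp-type 3 -m comment --comment "ICMP unreachable"
[7:420] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# Rule lines look like: "[packets:bytes] -A CHAIN rule-arguments..."
RULE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (.*)$")


def counters_by_comment(dump):
    """Map (table, chain, comment) -> [packets, bytes] for commented rules."""
    table, totals = None, {}
    for line in dump.splitlines():
        if line.startswith("*"):            # "*filter" opens a table section
            table = line[1:].strip()
            continue
        m = RULE.match(line)
        if not m:
            continue                        # chain policies, COMMIT, blank lines
        args = shlex.split(m.group(4))      # handles quoted comments
        if "--comment" not in args[:-1]:
            continue                        # rule carries no comment tag
        comment = args[args.index("--comment") + 1]
        entry = totals.setdefault((table, m.group(3), comment), [0, 0])
        entry[0] += int(m.group(1))         # rules sharing a comment are summed
        entry[1] += int(m.group(2))
    return totals


def putval_lines(dump, host="host.example", interval=10):
    """Render the counters as collectd plain-text PUTVAL commands."""
    lines = []
    for (table, chain, comment), (pkts, octets) in sorted(counters_by_comment(dump).items()):
        inst = re.sub(r"[^A-Za-z0-9_.-]", "_", comment)  # no spaces or "/" in identifiers
        for typ, val in (("ipt_packets", pkts), ("ipt_bytes", octets)):
            lines.append(f'PUTVAL "{host}/iptables-{table}-{chain}/{typ}-{inst}" '
                         f"interval={interval} N:{val}")
    return lines


if __name__ == "__main__":
    print("\n".join(putval_lines(SAMPLE)))
```

A rule with no `-j` target, like the one quoted in the thread, only increments its counters and does not change what happens to the packet.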
