nftables

package
v1.38.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 9, 2026 License: MIT Imports: 8 Imported by: 1

README

Nftables Plugin

This plugin gathers packets and bytes counters for rules within Linux's nftables firewall, as well as set element counts.

⭐ Telegraf v1.37.0 🏷️ network, system 💻 linux

Global configuration options

Plugins support additional global and plugin configuration settings for tasks such as modifying metrics, tags, and fields, creating aliases, and configuring plugin ordering. See CONFIGURATION.md for more details.

Configuration

[[inputs.nftables]]
  ## Use the specified binary which will be looked-up in PATH
  # binary = "nft"

  ## Use sudo for command execution, can be restricted to
  ## "nft --json list table"
  # use_sudo = false

  ## Tables to monitor (may use "family table" format, e.g., "inet filter")
  # tables = [ "filter" ]

  ## Kinds of objects to monitor: "counters" (named counters), "sets",
  ## (named sets), "anonymous-counters" (on commented rules).
  # include = ["anonymous-counters"]

Since telegraf will fork a process to run nftables, AmbientCapabilities is required to transmit the capabilities bounding set to the forked process.

Using sudo

You may edit your sudo configuration with the following:

telegraf ALL=(root) NOPASSWD: /usr/bin/nft --json list table *

Metrics

Counters (when counters included):

  • nftables
    • tags:
      • table
      • counter
    • fields:
      • pkts (integer, count)
      • bytes (integer, bytes)

Sets (when sets included):

  • nftables
    • tags:
      • table
      • set
    • field:
      • count (integer, count)

Anonymous counters on commented rules (when anonymous-counters included):

  • nftables
    • tags:
      • table
      • chain
      • rule -- comment associated to the rule
    • fields:
      • pkts (integer, count)
      • bytes (integer, bytes)

Example Output

> nftables,host=my_hostname,counter=my_counter,table=filter bytes=48968i,pkts=48i 1757367516000000000
> nftables,host=my_hostname,set=my_set,table=filter count=10i 1757367516000000000
> nftables,chain=incoming,host=my_hostname,rule=comment_val_1,table=filter bytes=66435845i,pkts=133882i 1757367516000000000
> nftables,chain=outgoing,host=my_hostname,rule=comment_val_2,table=filter bytes=25596512i,pkts=145129i 1757367516000000000

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Nftables 

type Nftables struct {
	UseSudo bool     `toml:"use_sudo"`
	Binary  string   `toml:"binary"`
	Tables  []string `toml:"tables"`
	Include []string `toml:"include"`
	// contains filtered or unexported fields
}

func (*Nftables) Gather 

func (n *Nftables) Gather(acc telegraf.Accumulator) error

func (*Nftables) Init 

func (n *Nftables) Init() error

func (*Nftables) SampleConfig 

func (*Nftables) SampleConfig() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.