[collectd] Looking for a way to collect ICMP traffic data

Steve Wray steve at wtfast.com
Thu Oct 20 21:27:32 CEST 2016 

I've been trying this out but had limited success.

At first I had a configuration like this:

<Plugin "tail">
 <File "/var/log/icmpinfo/icmpinfo.log">
  Instance "icmpinfo"
  <Match>
   Regex "ICMP_Echo"
   DSType "CounterInc"
   Type "counter"
   Instance "ICMP_Echo"
  </Match>
 </File>
</Plugin>

but I started to find that the values were going off the charts over time;
it started off looking good but after a few days the values were in the
quadrillions and clearly wrong.

I saw this example:

<File "/var/log/nginx/nginx-error.log">
  Instance "nginx"
  <Match>
    Regex "\\(61: Connection refused\\)"
    DSType "DeriveInc"
    Type "derive"
    Instance "err_502"
  </Match>
  <Match>
    Regex "\\(60: Operation timed out\\)"
    DSType "DeriveInc"
    Type "derive"
    Instance "err_504"
  </Match>
</File>

and based a config on this as so:

<Plugin "tail">
 <File "/var/log/icmpinfo/icmpinfo.log">
  Instance "icmpinfo"
  <Match>
   Regex "ICMP_Echo"
   DSType "DeriveInc"
   Type "derive"
   Instance "ICMP_Echo"
  </Match>
 </File>
</Plugin>

but this isn't producing any data at all!

Could you share your collectd config?

Thanks!


On Thu, Oct 13, 2016 at 11:25 AM, Eric Horst <erich at uw.edu> wrote:

> I run icmpinfo as a daemon to syslog icmp statistics periodically
> where they are more easily picked up for metrics and attacks. Glancing
> at the source it seems that I modified it to only log messages that I
> care about. I also see that I made the mods in August of 1999 so not
> surprising it isn't fresh in my mind. The modified icmpinfo still
> works great after all these years.
>
> -Eric
>
> On Thu, Oct 13, 2016 at 10:20 AM, Steve Wray <steve at wtfast.com> wrote:
> > Hi,
> > I'm currently getting several system statistics via collectd and feeding
> > this into graphite/grafana.
> >
> > I have a need to collect and graph data on ICMP traffic specifically.
> >
> > Can anyone suggest a way to do this (in Linux)?
> >
> > Thanks
> >
> >
> > _______________________________________________
> > collectd mailing list
> > collectd at verplant.org
> > https://mailman.verplant.org/listinfo/collectd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.verplant.org/pipermail/collectd/attachments/20161020/b031e8e6/attachment.html>

More information about the collectd mailing list