[collectd] Looking for a way to collect ICMP traffic data

Lee Hardy lee at leeh.uk
Fri Oct 21 15:11:08 CEST 2016 

Have you considered doing this through the iptables plugin?

If you have a series of iptables rules for ICMP and you mark them with
comments (e.g. if your rules were something like: iptables -A INPUT -p icmp
-s 0/0 -d 0/0 --icmp-type 8 -m comment --comment ICMP-PING), you could then
use the iptables collectd plugin to match on the comment "ICMP-PING" and
get the stats that way?

Cheers,
Lee H

On 20 October 2016 at 20:27, Steve Wray <steve at wtfast.com> wrote:

> I've been trying this out but had limited success.
>
> At first I had a configuration like this:
>
> <Plugin "tail">
>  <File "/var/log/icmpinfo/icmpinfo.log">
>   Instance "icmpinfo"
>   <Match>
>    Regex "ICMP_Echo"
>    DSType "CounterInc"
>    Type "counter"
>    Instance "ICMP_Echo"
>   </Match>
>  </File>
> </Plugin>
>
> but I started to find that the values were going off the charts over time;
> it started off looking good but after a few days the values were in the
> quadrillions and clearly wrong.
>
> I saw this example:
>
> <File "/var/log/nginx/nginx-error.log">
>   Instance "nginx"
>   <Match>
>     Regex "\\(61: Connection refused\\)"
>     DSType "DeriveInc"
>     Type "derive"
>     Instance "err_502"
>   </Match>
>   <Match>
>     Regex "\\(60: Operation timed out\\)"
>     DSType "DeriveInc"
>     Type "derive"
>     Instance "err_504"
>   </Match>
> </File>
>
> and based a config on this as so:
>
> <Plugin "tail">
>  <File "/var/log/icmpinfo/icmpinfo.log">
>   Instance "icmpinfo"
>   <Match>
>    Regex "ICMP_Echo"
>    DSType "DeriveInc"
>    Type "derive"
>    Instance "ICMP_Echo"
>   </Match>
>  </File>
> </Plugin>
>
> but this isn't producing any data at all!
>
> Could you share your collectd config?
>
> Thanks!
>
>
> On Thu, Oct 13, 2016 at 11:25 AM, Eric Horst <erich at uw.edu> wrote:
>
>> I run icmpinfo as a daemon to syslog icmp statistics periodically
>> where they are more easily picked up for metrics and attacks. Glancing
>> at the source it seems that I modified it to only log messages that I
>> care about. I also see that I made the mods in August of 1999 so not
>> surprising it isn't fresh in my mind. The modified icmpinfo still
>> works great after all these years.
>>
>> -Eric
>>
>> On Thu, Oct 13, 2016 at 10:20 AM, Steve Wray <steve at wtfast.com> wrote:
>> > Hi,
>> > I'm currently getting several system statistics via collectd and feeding
>> > this into graphite/grafana.
>> >
>> > I have a need to collect and graph data on ICMP traffic specifically.
>> >
>> > Can anyone suggest a way to do this (in Linux)?
>> >
>> > Thanks
>> >
>> >
>> > _______________________________________________
>> > collectd mailing list
>> > collectd at verplant.org
>> > https://mailman.verplant.org/listinfo/collectd
>>
>
>
> _______________________________________________
> collectd mailing list
> collectd at verplant.org
> https://mailman.verplant.org/listinfo/collectd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.verplant.org/pipermail/collectd/attachments/20161021/ea469287/attachment.html>

More information about the collectd mailing list