Eldeberen/telegraf-collectors
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Collection of custom telegraf collectors
2 commits 1 branch 0 tags 30 KiB
Find a file
Exact
Eldeberen 0e1f7b69ae Updated to reaction-v2 output
2025-01-18 19:12:05 +01:00
reaction.py Updated to reaction-v2 output 2025-01-18 19:12:05 +01:00
README.md Repo init 2025-01-17 22:02:02 +01:00

README.md

Telegraf collectors

This repo contains some scripts that enhance Telegraf plugins.

The typical usage is to add an exec plugin to Telegraf that runs the scripts.

[[inputs.exec]]
  commands = ["/path/to/collector.py"]
  timeout = "5s"
  data_format = "influx"

Scripts

Reaction

This script exports reaction tracked and banned IPs.

As reaction needs root privileges to execute, you may add this to your /etc/sudoers

Cmnd_Alias REACTION = /usr/local/bin/reaction show -f json
telegraf ALL=(root:root) NOPASSWD: REACTION

Example output:

reaction,filter=failedlogin,host=khazad-dum,stream=ssh banned=8i,tracked=36i 1737147569000000000
reaction,filter=failednegociation,host=khazad-dum,stream=ssh banned=14i,tracked=22i 1737147569000000000
reaction,filter=badbots,host=khazad-dum,stream=web banned=4i,tracked=4i 1737147569000000000