1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
<!--startmeta
custom_edit_url: "https://github.com/netdata/netdata/edit/master/collectors/nfacct.plugin/README.md"
meta_yaml: "https://github.com/netdata/netdata/edit/master/collectors/nfacct.plugin/metadata.yaml"
sidebar_label: "Netfilter"
learn_status: "Published"
learn_rel_path: "Data Collection/Linux Systems/Firewall"
most_popular: False
message: "DO NOT EDIT THIS FILE DIRECTLY, IT IS GENERATED BY THE COLLECTOR'S metadata.yaml FILE"
endmeta-->
# Netfilter
<img src="https://netdata.cloud/img/netfilter.png" width="150"/>
Plugin: nfacct.plugin
Module: nfacct.plugin
<img src="https://img.shields.io/badge/maintained%20by-Netdata-%2300ab44" />
## Overview
Monitor Netfilter metrics for optimal packet filtering and manipulation. Keep tabs on packet counts, dropped packets, and error rates to secure network operations.
Netdata uses libmnl (https://www.netfilter.org/projects/libmnl/index.html) to collect information.
This collector is supported on all platforms.
This collector supports collecting metrics from multiple instances of this integration, including remote instances.
This plugin needs setuid.
### Default Behavior
#### Auto-Detection
This plugin uses socket to connect with netfilter to collect data
#### Limits
The default configuration for this integration does not impose any limits on data collection.
#### Performance Impact
The default configuration for this integration is not expected to impose a significant performance impact on the system.
## Metrics
Metrics grouped by *scope*.
The scope defines the instance that the metric belongs to. An instance is uniquely identified by a set of labels.
### Per Netfilter instance
This scope has no labels.
Metrics:
| Metric | Dimensions | Unit |
|:------|:----------|:----|
| netfilter.netlink_new | new, ignore, invalid | connections/s |
| netfilter.netlink_changes | insert, delete, delete_list | changes/s |
| netfilter.netlink_search | searched, search_restart, found | searches/s |
| netfilter.netlink_errors | icmp_error, insert_failed, drop, early_drop | events/s |
| netfilter.netlink_expect | created, deleted, new | expectations/s |
| netfilter.nfacct_packets | a dimension per nfacct object | packets/s |
| netfilter.nfacct_bytes | a dimension per nfacct object | kilobytes/s |
## Alerts
There are no alerts configured by default for this integration.
## Setup
### Prerequisites
#### Install required packages
Install `libmnl-dev` and `libnetfilter-acct-dev` using the package manager of your system.
### Configuration
#### File
The configuration file name for this integration is `netdata.conf`.
Configuration for this specific integration is located in the `[plugin:nfacct]` section within that file.
The file format is a modified INI syntax. The general structure is:
```ini
[section1]
option1 = some value
option2 = some other value
[section2]
option3 = some third value
```
You can edit the configuration file using the `edit-config` script from the
Netdata [config directory](https://github.com/netdata/netdata/blob/master/docs/configure/nodes.md#the-netdata-config-directory).
```bash
cd /etc/netdata 2>/dev/null || cd /opt/netdata/etc/netdata
sudo ./edit-config netdata.conf
```
#### Options
<details><summary>Config options</summary>
| Name | Description | Default | Required |
|:----|:-----------|:-------|:--------:|
| update every | Data collection frequency. | 1 | no |
| command options | Additinal parameters for collector | | no |
</details>
#### Examples
There are no configuration examples.
|