--- title: Telegraf Documentation description: Telegraf plugin for collecting metrics from PF url: https://docs.influxdata.com/telegraf/v1/input-plugins/pf/ estimated_tokens: 1827 product: Telegraf version: v1 --- - Telegraf v1.5.0+ # PF Input Plugin This plugin gathers information from the FreeBSD or OpenBSD pf firewall like the number of current entries in the table, counters for the number of searches, inserts, and removals to tables using the `pfctl` command. This plugin requires the `pfctl` binary to be executable by Telegraf. It requires read access to the device file `/dev/pf`. **Introduced in:** Telegraf v1.5.0 **Tags:** system, network **OS support:** freebsd ## Global configuration options Plugins support additional global and plugin configuration settings for tasks such as modifying metrics, tags, and fields, creating aliases, and configuring plugin ordering. See [CONFIGURATION.md](/telegraf/v1/configuration/#plugins) for more details. ## Configuration ```toml # Gather counters from PF [[inputs.pf]] ## PF require root access on most systems. ## Setting 'use_sudo' to true will make use of sudo to run pfctl. ## Users must configure sudo to allow telegraf user to run pfctl with no password. ## pfctl can be restricted to only list command "pfctl -s info". use_sudo = false ``` ### Permissions You have several options to grant Telegraf the permissions to run `pfctl`: - Run telegraf as root. This is strongly discouraged. - Change the ownership and permissions for `/dev/pf` to allow being read by the Telegraf user. This is discouraged. - Configure sudo to allow running `pfctl` as root by the Telegraf user. This is the most restrictive option, but require sudo setup. - Add the Telegraf user to the `proxy` group as `/dev/pf`. For the `sudo` option you may add the following to the sudo configuration: ```sudo telegraf ALL=(root) NOPASSWD: /sbin/pfctl -s info ``` ## Metrics - pf - entries (integer, count) - searches (integer, count) - inserts (integer, count) - removals (integer, count) - match (integer, count) - bad-offset (integer, count) - fragment (integer, count) - short (integer, count) - normalize (integer, count) - memory (integer, count) - bad-timestamp (integer, count) - congestion (integer, count) - ip-option (integer, count) - proto-cksum (integer, count) - state-mismatch (integer, count) - state-insert (integer, count) - state-limit (integer, count) - src-limit (integer, count) - synproxy (integer, count) ## Example Output ```shell > pfctl -s info Status: Enabled for 0 days 00:26:05 Debug: Urgent State Table Total Rate current entries 2 searches 11325 7.2/s inserts 5 0.0/s removals 3 0.0/s Counters match 11226 7.2/s bad-offset 0 0.0/s fragment 0 0.0/s short 0 0.0/s normalize 0 0.0/s memory 0 0.0/s bad-timestamp 0 0.0/s congestion 0 0.0/s ip-option 0 0.0/s proto-cksum 0 0.0/s state-mismatch 0 0.0/s state-insert 0 0.0/s state-limit 0 0.0/s src-limit 0 0.0/s synproxy 0 0.0/s ``` ```text pf,host=columbia entries=3i,searches=2668i,inserts=12i,removals=9i 1510941775000000000 ``` #### Related - [Configure plugins](/telegraf/v1/configure_plugins/) - [PF Plugin Source](https://github.com/influxdata/telegraf/tree/v1.38.4/plugins/inputs/pf/README.md)