Docker - Telegraf Container with Syslog Receiver Input Plugin
I found out that an IoT device (smart power strip) had a setting to communicate with a syslog server, and I couldn't find any documentation about that setting. That was a great opportunity for me to set up a Telegraf container as a syslog server and to find out what the device would send to it. Eventually I could also use this setup for the Unifi Network Application, for example.
Telegraf from InfluxData is a server agent for collecting metrics from sensors and systems and writing them to InfluxDB or other outputs.
The plan was as follows:
- Adjust the firewall so that the IoT device can communicate from the IoT VLAN with the Telegraf Syslog Plugin via UDP port 6514 in the Server VLAN
- Set up Telegraf with the syslog plugin as input and a file as output in influx format (InfluxDB can be set as output at a later time)
- Test the syslog server from the command line with tcpdump and logger. This was also necessary because it turned out that the IoT device did not write anything to the syslog server!
- View the Telegraf output in influx data format
I won’t describe adding the firewall rule, but here you can read more about the firewall within the Unifi Network Application.
Here I describe the installation of the Docker Telegraf container. I run this Docker container on an Ubuntu VM that runs on Proxmox VE. I perform the following on the CLI.
Docker pull command:
docker pull telegraf
Within my home folder I have created a Docker folder where I create a subfolder for each container:
```bash
cd ~
mkdir -p docker/telegraf
cd docker/telegraf
```
Also create folders where the Telegraf config file can be stored:
Create a new configuration with the Nano text editor:
sudo nano config/telegraf.conf
Copy and paste the configuration:
```toml
# The syslog plugin listens for syslog messages transmitted over a Unix Domain socket
[inputs.syslog]
  ## Protocol, address and port to host the syslog receiver.
  server = "udp://:6514"

# Send telegraf metrics to file(s)
[outputs.file]
  ## Files to write to, "stdout" is a specially handled file.
  files = ["stdout", "/tmp/metrics.out"]
  ## Data format to output.
  data_format = "influx"
```
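IMPORTANT, adjust the following: the section headers inputs.syslog and outputs.file must be written between double brackets in telegraf.conf. Because this note is written in markdown, it is currently not possible to put text between double brackets, so they are shown here with single brackets.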
Exit Nano with CTRL-X and save the changes. The configuration has been created. Now create a shell script with Nano:
sudo nano telegraf_run.sh
With this shell script we are going to create the container.
Copy the following into
```bash
docker run -d \
  --name=telegraf \
  --hostname=telegraf \
  -p 6514:6514/udp \
  -v $PWD/config/telegraf.conf:/etc/telegraf/telegraf.conf:ro \
  -e TZ=Europe/Amsterdam \
  --restart unless-stopped \
  telegraf
```
If necessary, adjust the following:
- Choose a port that is still available. Check this with netstat
- Choose the location for the Telegraf configuration. In this example it is the config folder we created
- Pick the right timezone
Exit Nano with CTRL-X and save the changes.
Start the container:
sudo sh telegraf_run.sh
Check if the container is running properly.
See also my notes about updating containers with Portainer or via the CLI. With Synology’s Docker Application, updating a container is also very easy.
Testing the Syslog Receiver Input Plugin
Then I configured the IoT device with the syslog server:
- IP address of the docker host
- Port 6514 (udp)
Make sure the container is started and run:
docker exec -it telegraf /bin/bash
Now you are in the container, and you can view the output:
```bash
cat /tmp/metrics.out
# and go back with exit
```
For me the file was empty and this was because the IoT device had not sent anything.
So I tested the Telegraf syslog server with the logger command, with which you can send syslog messages to the server yourself. The output of metrics.out then looks like this:
syslog,appname=admin,facility=user,host=telegraf,hostname=ubuntuserver,severity=notice timestamp=1657970416034287000i,message="test",version=1i,timeQuality_tzKnown="1",timeQuality_isSynced="1",timeQuality_syncAccuracy="539010",facility_code=1i,severity_code=5i 1657970416034809769
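The same test can be scripted when logger is not available on the sending machine. The following is an added example, not part of the original note: it builds an RFC 5424 message like the one in the output above (facility user, severity notice, which Telegraf reports as facility_code=1i and severity_code=5i) and sends it as a single UDP datagram to port 6514. The function names and the 127.0.0.1 target are assumptions.

```python
import socket
from datetime import datetime, timezone

# Facility and severity codes from RFC 5424; "user" and "notice" correspond to
# the facility_code=1i and severity_code=5i fields in the Telegraf output.
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "local0": 16}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}


def build_rfc5424(message, hostname, appname,
                  facility="user", severity="notice", when=None):
    """Return one RFC 5424 syslog message as bytes (one UDP datagram)."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    when = when or datetime.now(timezone.utc)
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f") + "Z"
    # HEADER: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID,
    # followed by STRUCTURED-DATA ("-" means none) and the free-text MSG.
    header = f"<{pri}>1 {stamp} {hostname} {appname} - -"
    return f"{header} - {message}".encode("utf-8")


def decode_pri(datagram):
    """Split the <PRI> prefix back into (facility_code, severity_code)."""
    end = datagram.index(b">")  # raises ValueError when there is no PRI
    if not datagram.startswith(b"<") or end > 4:
        raise ValueError("missing or malformed PRI")
    return divmod(int(datagram[1:end]), 8)


def send_udp(datagram, host, port=6514):
    """Send the message to the receiver; UDP gives no delivery feedback."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(datagram, (host, port))


if __name__ == "__main__":
    # Constructed test message; 127.0.0.1 assumes this runs on the Docker host.
    msg = build_rfc5424("test", hostname="ubuntuserver", appname="admin")
    print(msg.decode())
    send_udp(msg, "127.0.0.1")
```

Because UDP is fire-and-forget, a successful send says nothing about reception; confirm by looking for the new line in /tmp/metrics.out inside the container.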
Now that everything works, the output can be changed to InfluxDB.