Docker - Telegraf Container with Syslog Receiver Input Plugin

I found out that an IoT device (smart power strip) had a setting to communicate with a syslog server, and I couldn’t find any documentation about that setting. That was a great opportunity for me to set up a Telegraf container as a syslog server, and to find out what the device would send to it. Eventually I could also use this setup for the Unifi Network Application, for example.

Telegraf from InfluxData is a server agent for collecting metrics from sensors and systems and writing them to InfluxDB or other outputs.

The plan was as follows:

  1. Adjust the firewall so that the IoT device can communicate from the IoT VLAN with the Telegraf Syslog Plugin via UDP port 6514 in the Server VLAN
  2. Set up Telegraf with the syslog plugin as input and a file as output in influx format (InfluxDB can be set as output at a later time)
  3. Test the syslog server from the command line with tcpdump and logger. This turned out to be necessary because the IoT device did not write anything to the syslog server!
  4. View the Telegraf output in influx data format

I won’t describe adding the firewall rule, but here you can read more about the firewall within the Unifi Network Application.


Here I describe the installation of the Docker Telegraf container. I run this Docker container on an Ubuntu VM that runs on Proxmox VE. I perform the following on the CLI.

Docker pull command:

docker pull telegraf

Within my home folder I have created a Docker folder where I create a subfolder for each container:

cd ~
mkdir -p docker/telegraf
cd docker/telegraf

Also create a folder where the Telegraf config file can be stored:

mkdir config

Create a new configuration with the Nano text editor:

sudo nano config/telegraf.conf

Copy and paste the configuration:

# The syslog plugin listens for syslog messages; this configuration receives them over UDP
[inputs.syslog]
  ## Protocol, address and port to host the syslog receiver.
  server = "udp://:6514"

# Send telegraf metrics to file(s)
[outputs.file]
  ## Files to write to, "stdout" is a specially handled file.
  files = ["stdout", "/tmp/metrics.out"]

  ## Data format to output.
  data_format = "influx"

IMPORTANT, adjust the following:

Replace [ with [[ and ] with ]] of [inputs.syslog] and [outputs.file]
Because this note is written in markdown it is currently not possible to put text between double brackets

Exit Nano with CTRL-X and save the changes. The configuration has been created. Now create a shell script with Nano:

sudo nano

With this shell script we are going to create the container. Copy the following into

docker run -d \
 --name=telegraf \
 --hostname=telegraf \
 -p 6514:6514/udp \
 -v "$PWD/config/telegraf.conf:/etc/telegraf/telegraf.conf:ro" \
 -e TZ=Europe/Amsterdam \
 --restart unless-stopped \
 telegraf

If necessary, adjust the following:

-p 6514:6514/udp
Choose a port that is still available. Check this with netstat

-v $PWD/config/telegraf.conf:/etc/telegraf/telegraf.conf:ro
Choose the location for the Telegraf configuration. In this example it is the config folder we created

-e TZ=Europe/Amsterdam
Pick the right timezone

Exit Nano with CTRL-X and save the changes.

Start the container:

sudo sh

Check if the container is running properly.

See also my notes about updating containers with Portainer or via the CLI. With Synology’s Docker Application, updating a container is also very easy.

Testing the Syslog Receiver Input Plugin

Then I configured the IoT device with the syslog server:

  • IP address of the docker host
  • Port 6514 (udp)

Make sure the container is started and run:

docker exec -it telegraf /bin/bash

Now you are in the container, and you can view the output:

cat /tmp/metrics.out
#and go back with exit

For me the file was empty, and this was because the IoT device had not sent anything. So I tested the Telegraf syslog server with the logger command, which lets you send syslog messages to the server yourself. The output of metrics.out then looks like this:

syslog,appname=admin,facility=user,host=telegraf,hostname=ubuntuserver,severity=notice timestamp=1657970416034287000i,message="test",version=1i,timeQuality_tzKnown="1",timeQuality_isSynced="1",timeQuality_syncAccuracy="539010",facility_code=1i,severity_code=5i 1657970416034809769
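As an added example (not part of the original note): a small Python sender that builds the RFC 5424 message behind the sample line above (facility user and severity notice give PRI 13, and version=1 is the RFC 5424 version field) and sends it as one UDP datagram, as an alternative to logger. The function names and the 127.0.0.1 target are assumptions; use the IP address of your Docker host.

```python
import socket
from datetime import datetime, timezone

# Subset of the RFC 5424 facility codes; severities are indexed 0..7.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "local0": 16, "local7": 23}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def _field(value, limit):
    """Header fields are printable ASCII without spaces; '-' is the nil value."""
    cleaned = "".join(c for c in value if 33 <= ord(c) <= 126)[:limit]
    return cleaned or "-"


def rfc5424_message(msg, facility="user", severity="notice",
                    hostname="ubuntuserver", appname="admin", when=None):
    """Build '<PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG'."""
    pri = FACILITIES[facility] * 8 + SEVERITIES.index(severity)
    when = when or datetime.now(timezone.utc)
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    header = f"<{pri}>1 {stamp} {_field(hostname, 255)} {_field(appname, 48)} - - -"
    return f"{header} {msg}".encode("utf-8")


def send_syslog_udp(message, host="127.0.0.1", port=6514):
    """Send one datagram and return the byte count; UDP gives no delivery confirmation."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(message, (host, port))


if __name__ == "__main__":
    packet = rfc5424_message("test")
    print(packet.decode())
    send_syslog_udp(packet)  # assumed target: Telegraf published on 127.0.0.1:6514/udp
```

Because UDP never reports whether anything was listening, confirm reception in /tmp/metrics.out or with tcpdump on the Docker host.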

Now that everything works, the output can be changed to InfluxDB.
