Google Firewall Insights Metrics via Telegraf

Ship your Google Firewall Insights Metrics via Telegraf to your Logit.io Stack

Configure Telegraf to ship Google Firewall Insights metrics to your Logit.io stacks via Logstash.

Install Integration

Please click on the Install Integration button to configure your stack for this source.

Set Credentials in GCP

  • Begin by heading over to the 'Project Selector' and selecting the specific project from which you wish to send metrics.

    • Progress to the 'Service Account Details' screen. Here, assign a distinct name to your service account and opt for 'Create and Continue'.
    • In the 'Grant This Service Account Access to Project' screen, assign the following roles: 'Compute Viewer', 'Monitoring Viewer', and 'Cloud Asset Viewer'.
    • Upon completion of the above, click 'Done'.
    • Now find and select your project in the 'Service Accounts for Project' list.
    • Move to the 'KEYS' section.
    • Navigate through Keys > Add Key > Create New Key, and specify 'JSON' as the key type.
    • Lastly, click on 'Create', and make sure to save your new key.

    Now add the environment variable for the key; its value is the path to the JSON key file you just saved.

    On the machine run:

    export GOOGLE_APPLICATION_CREDENTIALS=<your-gcp-key>

Install Telegraf

This integration allows you to configure a Telegraf agent to send your metrics, in multiple formats, to Logit.io.

Choose the installation method for your operating system:

When you paste the commands below into PowerShell, the first downloads the Telegraf zip file. Once that is complete, press Enter again and the zip file will be extracted into C:\Program Files\InfluxData\telegraf\telegraf-1.31.2.

wget https://dl.influxdata.com/telegraf/releases/telegraf-1.31.2_windows_amd64.zip -UseBasicParsing -OutFile telegraf-1.31.2_windows_amd64.zip 
Expand-Archive .\telegraf-1.31.2_windows_amd64.zip -DestinationPath 'C:\Program Files\InfluxData\telegraf'

Configure the Telegraf input plugin

First you need to set up the input plug-in to enable Telegraf to scrape the GCP data from your hosts. This can be accomplished by incorporating the following code into your configuration file:

# Gather timeseries from Google Cloud Platform v3 monitoring API
[[inputs.stackdriver]]
  ## GCP Project
  project = "<your-project-name>"

  ## Include timeseries that start with the given metric type.
  metric_type_prefix_include = [
    "@metric_type",
  ]

  ## Most metrics are updated no more than once per minute; it is recommended
  ## to override the agent level interval with a value of 1m or greater.
  interval = "1m"

Read more about how to configure data scraping and the configuration options for Stackdriver.

Configure the output plugin

Once you have generated the configuration file, you need to set up the output plug-in to allow Telegraf to transmit your data to Logit.io in Prometheus format. This can be accomplished by incorporating the following code into your configuration file:

[[outputs.http]]
  url = "https://@metricsUsername:@metricsPassword@@metrics_id-vm.logit.io:@vmAgentPort/api/v1/write"
  data_format = "prometheusremotewrite"

  [outputs.http.headers]
    Content-Type = "application/x-protobuf"
    Content-Encoding = "snappy"

Start Telegraf

From the location where Telegraf was installed (C:\Program Files\InfluxData\telegraf\telegraf-1.31.2) run the program providing the chosen configuration file as a parameter:

.\telegraf.exe --config telegraf-demo.conf

Once Telegraf is running, you should see output that confirms the inputs, output and basic configuration the application has been started with.
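
The Windows steps above as one PowerShell session, added here as an example and not part of the Logit.io instructions: it sets the key variable in PowerShell syntax, keeps the stack credentials out of the configuration file by using the `username`/`password` options of `outputs.http` with Telegraf's `${VAR}` substitution, and runs a `--test` collection before the real start. The key path and the `LOGIT_METRICS_*` variable names are assumptions; `<...>` and `@...` are the page's placeholders and must be replaced first.

```powershell
# Added example. Run from C:\Program Files\InfluxData\telegraf\telegraf-1.31.2
# after replacing the <...> and @... placeholders taken from the page.

$keyPath = 'C:\ProgramData\telegraf\gcp-key.json'   # assumed location of the saved JSON key

# Stop early if the file is not a service account key.
$key = Get-Content -Raw -Path $keyPath | ConvertFrom-Json
if ($key.type -ne 'service_account') { throw "$keyPath is not a service account key" }

# Keep the key readable by the current user only: drop inherited ACEs, grant read.
icacls $keyPath /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:(R)" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed for $keyPath" }

# PowerShell form of the export line from the credentials step (this session only).
$env:GOOGLE_APPLICATION_CREDENTIALS = $keyPath

# Stack credentials go into the environment instead of the URL in the config file.
# LOGIT_METRICS_USERNAME / LOGIT_METRICS_PASSWORD are assumed names.
$cred = Get-Credential -Message 'Logit.io stack metrics credentials'
$env:LOGIT_METRICS_USERNAME = $cred.UserName
$env:LOGIT_METRICS_PASSWORD = $cred.GetNetworkCredential().Password

# Single-quoted here-string: PowerShell leaves ${...} alone, Telegraf expands it at start-up.
@'
[[inputs.stackdriver]]
  project = "<your-project-name>"
  metric_type_prefix_include = ["@metric_type"]
  interval = "1m"

[[outputs.http]]
  url = "https://@metrics_id-vm.logit.io:@vmAgentPort/api/v1/write"
  data_format = "prometheusremotewrite"
  username = "${LOGIT_METRICS_USERNAME}"
  password = "${LOGIT_METRICS_PASSWORD}"
  [outputs.http.headers]
    Content-Type = "application/x-protobuf"
    Content-Encoding = "snappy"
'@ | Set-Content -Path .\telegraf-demo.conf -Encoding ASCII

# Collect once and print the metrics without sending them, then start normally.
.\telegraf.exe --config .\telegraf-demo.conf --test
if ($LASTEXITCODE -eq 0) { .\telegraf.exe --config .\telegraf-demo.conf }
```

If Telegraf is later run under a different account, that account needs read access to the key file and the same environment variables.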

View your metrics

Data should now have been sent to your Stack.

If you don't see metrics, take a look at 'How to diagnose no data in Stack' below for how to diagnose common issues.

How to diagnose no data in Stack

If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack, or chat to support.

Telegraf Google Firewall Insights Platform metrics Overview

For comprehensive monitoring and insightful analysis of Google Firewall Insights metrics across distributed systems, the implementation of a robust and capable metrics management solution, such as Telegraf, is of utmost importance. Telegraf, an open-source server agent, is highly regarded for its ability to collect and report metrics from various sources, including firewall instances, network devices, and relevant applications.

Telegraf offers a wide array of input plugins, empowering users to gather diverse metrics like rule hits, connection counts, traffic volume, and more. These metrics play a critical role in understanding the performance and effectiveness of Google Firewall Insights. To store and analyze these metrics, organizations can leverage Prometheus, an open-source monitoring and alerting toolkit known for its flexible query language and powerful data visualization capabilities.

The process of transmitting Google Firewall Insights metrics from Telegraf to Prometheus involves configuring Telegraf to present metrics in Prometheus's format and then instructing Prometheus to scrape these metrics from the Telegraf server.

Once the metrics are successfully integrated into Prometheus, further in-depth analysis and visualization can be performed using Grafana. Grafana, a premier open-source platform for monitoring and observability, seamlessly integrates with Prometheus, allowing users to create dynamic, interactive dashboards for a comprehensive examination of the metrics data. This enables organizations to gain valuable insights into firewall traffic patterns, rule effectiveness, and potential security risks within Google Firewall Insights.

If you need any further assistance with shipping your log data to Logit.io, we're here to help you get started. Feel free to get in contact with our support team by sending us a message via live chat and we'll be happy to assist.