Google Firewall Insights Metrics via Telegraf

Google Firewall Insights Metrics via Telegraf

Ship your Google Firewall Insights Metrics via Telegraf to your Logit.io Stack

Configure Telegraf to ship Google Firewall Insights metrics to your Logit.io stacks via Logstash.

Install Integration

Please click on the Install Integration button to configure your stack for this source.

Set Credentials in GCP

@intro

  • Begin by heading over to the 'Project Selector' (opens in a new tab) and select the specific project from which you wish to send metrics.

    • Progress to the 'Service Account Details' screen. Here, assign a distinct name to your service account and opt for 'Create and Continue'.
    • In the 'Grant This Service Account Access to Project' screen, ensure the following roles: 'Compute Viewer', 'Monitoring Viewer', and 'Cloud Asset Viewer'.
    • Upon completion of the above, click 'Done'.
    • Now find and select your project in the 'Service Accounts for Project' list.
    • Move to the 'KEYS' section.
    • Navigate through Keys > Add Key > Create New Key, and specify 'JSON' as the key type.
    • Lastly, click on 'Create', and make sure to save your new key.

    Now add the environment variable for the key

    On the machine run:

    export GOOGLE_APPLICATION_CREDENTIALS=<your-gcp-key>

Install Telegraf

This integration allows you to configure a Telegraf agent to send your metrics, in multiple formats, to Logit.io.

Choose the installation method for your operating system:

When you paste the command below into Powershell it will download the Telegraf zip file. Once that is complete, press Enter again and the zip file will be extracted into C:\Program Files\InfluxData\telegraf\telegraf-1.31.2.

wget https://dl.influxdata.com/telegraf/releases/telegraf-1.31.2_windows_amd64.zip -UseBasicParsing -OutFile telegraf-1.31.2_windows_amd64.zip 
Expand-Archive .\telegraf-1.31.2_windows_amd64.zip -DestinationPath 'C:\Program Files\InfluxData\telegraf'

Configure the Telegraf input plugin

First you need to set up the input plug-in to enable Telegraf to scrape the GCP data from your hosts. This can be accomplished by incorporating the following code into your configuration file:

# Gather timeseries from Google Cloud Platform v3 monitoring API
[[inputs.stackdriver]]
  ## GCP Project
  project = "<your-project-name>"
 
  ## Include timeseries that start with the given metric type.
  metric_type_prefix_include = [
	"@metric_type",
  ]
 
  ## Most metrics are updated no more than once per minute; it is recommended
  ## to override the agent level interval with a value of 1m or greater.
  interval = "1m"

Read more about how to configure data scraping and configuration options for Stackdriver (opens in a new tab)

Configure the output plugin

Once you have generated the configuration file, you need to set up the output plug-in to allow Telegraf to transmit your data to Logit.io in Prometheus format. This can be accomplished by incorporating the following code into your configuration file:

[[outputs.http]]
  url = "https://@metricsUsername:@metricsPassword@@metrics_id-vm.logit.io:@vmAgentPort/api/v1/write"
  data_format = "prometheusremotewrite"
 
  [outputs.http.headers]
    Content-Type = "application/x-protobuf"
    Content-Encoding = "snappy"

Start Telegraf

From the location where Telegraf was installed (C:\Program Files\InfluxData\telegraf\telegraf-1.31.2) run the program providing the chosen configuration file as a parameter:

.\telegraf.exe --config telegraf-demo.conf

Once Telegraf is running you should see output similar to the following, which confirms the inputs, output and basic configuration the application has been started with: Powershell Telegraf information

View your metrics

Data should now have been sent to your Stack.

View My Data

If you don't see metrics take a look at How to diagnose no data in Stack below for how to diagnose common issues.

How to diagnose no data in Stack

If you don't see data appearing in your stack after following this integration, take a look at the troubleshooting guide for steps to diagnose and resolve the problem or contact our support team and we'll be happy to assist.

Telegraf Google Firewall Insights Platform metrics Overview

For comprehensive monitoring and insightful analysis of Google Firewall Insights metrics across distributed systems, the implementation of a robust and capable metrics management solution, such as Telegraf, is of utmost importance. Telegraf, an open-source server agent, is highly regarded for its ability to collect and report metrics from various sources, including firewall instances, network devices, and relevant applications.

Telegraf offers a wide array of input plugins, empowering users to gather diverse metrics like rule hits, connection counts, traffic volume, and more. These metrics play a critical role in understanding the performance and effectiveness of Google Firewall Insights. To store and analyze these metrics, organizations can leverage Prometheus, an open-source monitoring and alerting toolkit known for its flexible query language and powerful data visualization capabilities.

The process of transmitting Google Firewall Insights metrics from Telegraf to Prometheus involves configuring Telegraf to present metrics in Prometheus's format and then instructing Prometheus to scrape these metrics from the Telegraf server.

Once the metrics are successfully integrated into Prometheus, further in-depth analysis and visualization can be performed using Grafana. Grafana, a premier open-source platform for monitoring and observability, seamlessly integrates with Prometheus, allowing users to create dynamic, interactive dashboards for a comprehensive examination of the metrics data. This enables organizations to gain valuable insights into firewall traffic patterns, rule effectiveness, and potential security risks within Google Firewall Insights.

If you need any further assistance with shipping your log data to Logit.io we're here to help you get started. Feel free to get in contact with our support team by sending us a message via live chat & we'll be happy to assist.