How Telegraf is secure while transferring data to InfluxDB ? What security protocol does it use to secure data and how it works internally. ?
I could be mistaken, but as far as i am aware by deefault there is no security setting. You can however enable SSL support in the Telegraf config.
When you set your connection details in the [output.influxdb] section of the Telegraf configuration if you change the URL to HTTPS instead of HTTP this will enable HTTPS.
If you want to use a self signed certificate you can add the following line to your Telegraf configuration.
insecure_skip_verify = true
Example Telegraf Config:
# Configuration for influxdb server to send metrics to [[outputs.influxdb]] # The full HTTP or UDP endpoint URL for your InfluxDB instance. # Multiple urls can be specified but it is assumed that they are part of the same # cluster, this means that only ONE of the urls will be written to each interval. # urls = ["udp://localhost:8089"] # UDP endpoint example # urls = ["https://localhost:8087"] urls = ["https://192.168.1.25:8086"] # The target database for metrics (telegraf will create it if not exists) database = "telegraf" # required #retention_policy = "Prevensys30days" # Optional, Telegraf will use the DEFAULT RP set by Influx unless overridden here. # Precision of writes, valid values are "ns", "us" (or "µs"), "ms", "s", "m", "h". # note: using second precision greatly helps InfluxDB compression precision = "s" ## Write timeout (for the InfluxDB client), formatted as a string. ## If not provided, will default to 5s. 0s means no timeout (not recommended). timeout = "5s" username = "username" password = "password" # Set the user agent for HTTP POSTs (can be useful for log differentiation) # user_agent = "telegraf" # Set UDP payload size, defaults to InfluxDB UDP Client default (512 bytes) # udp_payload = 512 insecure_skip_verify = true
You will also need to enable SSL in the InfluxDB configuration
Apart from that, I don’t know of another way, but i think that more support is being added to the telegraf plugins to allow them to use SSL/TLS. However i could be wrong!
Hope that helps