Oscar Segarra Yesterday at 22:41
Hi,
I’d like to monitor Windows and Linux hosts from the Internet and looks HTTP (or https) Listener or HTTP Relay can solve this requirement:
https://github.com/influxdata/telegraf/tree/master/plugins/inputs/http_listener
I’d like to know if is there any client that retrieves standard metrics (cpu, memory disk usage, and so on) and sends it through the internet to the telegraf “server”.
I’d like to know if is there any way to “securize” this data entry with a key, certificate or username/password in order to avoid an attacker to be able to flood the monitoring system.
Any advice will be welcome!
Thanks a lot.
Oscar,
Telegraf will both collect your metrics and move them around. There are individual plugins for cpu
, memory
, disk
and along with many others in telegraf. Enable the ones that you want for host monitoring.
Then in the output settings use the influxdb
output plugin to write to either influxdb-relay
or another telegraf instance using the http_listener
. There are ssl
config options for the influxdb
output that should secure your data during transit.
Hi Jack,
I have had a conversation with Kostas Bostas related to the implementation of a DMZ arquitecture due to the DMZ environment is quite small.
It looks InfluxData does don’t have any solution for the following this scenario:
Telegraf (collector) --> [Internet ] --> Telegraf “Proxy” in the DMZ --> InfluxDB
It looks I have to configure a 3dr party proxy softare (like squid, or nginx, or apache reverse proxy) to solve the -Telegraf “Proxy”- Piece.
Is there any suggested product/configuration in order to configure the DMZ element?
Thanks a lot.
@Oscar_Segarra I would definitely use a Load Balancer to do TLS termination in that situation.
Telegraf (collector) -> [ Internet ] -> Nginx -> InfluxDB-Relay -> InfluxDB
OR
Telegraf (collector) -> [ Internet ] -> Nginx -> Telegraf ([socket_listener](https://github.com/influxdata/telegraf/tree/master/plugins/inputs/socket_listener), [influxdb](https://github.com/influxdata/telegraf/tree/master/plugins/outputs/influxdb)) -> InfluxDB
I’ve found that Nginx works well in this role. Also there is great LetsEncrypt
support with Nginx that should make setting up that HTTPS endpoint pretty quick.
Jack
Hi Jack,
The following configuration:
Telegraf (collector) --> [Internet ] --> Nginx --> InfluxDB
Has any problem?
Thanks a lot!