1,001 B
Script to produce Prometheus-style .prom files from pfctl(8) output.
By default places output in /var/tmp/node_exporter, for the benefit of node_exporter.
Currently only collects data from running jails (not the host itself).
Assumptions
The script first checks for the existence of /dev/pf.
Jails with a /dev/pf have paths either of the form
/x/y
or
/x/y/root
Both cases are checked, and if /sbin/pfctl and /libexec/ld-elf.so.1 are found, they are used as-is.
If not, the former pattern is expected to be the parent of a wrapped jail, with no libraries or binaries in the regular paths.
The inner jail is expected to have a path prefix of /root relative to the parent; In such cases, the script sets LD_LIBRARY_PATH
to /root/lib and invokes /root/libexec/ld-elf.so.1 to execute /root/sbin/pfctl.
Work to be done
- Be more flexible about jail path layouts
- Support collecting pf stats for the host
- Collect per-rule statistics
- Collect per-table statistics