Loki conntrack

conntrack

This dashboard uses Loki to display information about the network connections of a gateway.

Info: https://elpuig.xeill.net/Members/vcarceler/articulos/registro-del-trafico-en-gnu-linux-mediante-conntrack-loki-y-grafana

In the gateway, the following systemd unit has been defined.

vcarceler@cirdan-2204:~$ cat /etc/systemd/system/conntrack-to-journal.service 
[Unit]
Description=Send to journal DESTROY events for nat flows
After=network.target

[Service]
Type=simple
# Needs:
#
# echo 1 >/proc/sys/net/netfilter/nf_conntrack_acct
# echo 1 >/proc/sys/net/netfilter/nf_conntrack_timestamp
#
# Increased buffer-size
ExecStart=/bin/sh -c '/usr/sbin/conntrack -E -e DESTROY --buffer-size 21299200 | /usr/bin/sed "s/\[DESTROY\] /\[DESTROY\] prot=/;s/src=/srca=/;s/src=/srcb=/;s/dst=/dsta=/;s/dst=/dstb=/;s/sport=/sporta=/;s/sport=/sportb=/;s/dport=/dporta=/;s/dport=/dportb=/;s/packets=/packetsa=/;s/packets=/packetsb=/;s/bytes=/bytesa=/;s/bytes=/bytesb=/"'
TimeoutSec = 2
Restart = on-failure
RestartSec = 10

[Install]
WantedBy=multi-user.target
vcarceler@cirdan-2204:~$

This unit uses conntrack to log a line to the journal every time conntrack closes a connection. We use sed to rename the fields src, dst, sport, dport, … for both flows.

We enable accounting and timestamp in sysctl.conf.

net.netfilter.nf_conntrack_acct = 1
net.netfilter.nf_conntrack_timestamp = 1

Revisions

Revision	Description	Created
			Download

Grafana Loki (self-hosted)

Grafana Labs solution

Easily monitor Grafana Loki (self-hosted), a horizontally scalable, highly available, multi-tenant log aggregation system inspired by Prometheus, with Grafana Cloud's out-of-the-box monitoring solution.

Get this dashboard

Import the dashboard template

Download JSON

Resources

Docs: Importing dashboards Webinar: Getting started with Grafana dashboard design Webinar: Building advanced Grafana dashboards

Datasource

Dependencies

Feedback

Relevant sources:

Feedback

Loki conntrack

Data source config

Collector config:

Get this dashboard