VictorRobellini / pfSense-Dashboard

A functional and useful dashboard for pfSense that utilizes influxdb, grafana and telegraf

Difficulty setting up InfluxDB 2.0 with Grafana #44

Open sniper0891 opened 2 years ago

sniper0891 commented 2 years ago

Hello I have come to create this post specially, to have some help from you. Especially from @faandg who had nevertheless described a precise method for interfacing between PfSense (telegraf)> InfluxDB 2.0> Grafana.

However, after trying to fill in the InfluxDB database in Grafana:

1) Name = OK
2) Query Language = InfluxQL
3) HTTP = http://URL:InfluxDB2.0:8086
4) Auth = several options here:
   a) Basic auth (I chose this option, with influxadm as user and the associated password in InfluxDB 2.0 (admin account))
   b) TLS Client Auth
   c) Skip TLS Verify
   d) ....
   For this part, I am not sure of the procedure (it was not detailed from @faandg)
5) Custom HTTP Headers: Header = Authorization, Value = token (create for grafana in influxDB 2.0)
6) InfluxDB Details: Database = pfsense, User = no, Password = no

Save and test = InfluxDB Error: Bad Request

If you could help me please, I've been breaking my teeth on it for a few days.

For information, I virtualize containers from my QNAP NAS Server.

I would also like to point out that this is not a firewall rule that could block exchanges because I managed to configure InfluxDB 2.0 and Grafana with Flux instead of InfluxQL. The problem is as you know the interfacing with telegraf from PfSense does not work with this Query Language.

Best regards

faandg commented 2 years ago

Hey @sniper0891

I can give you a couple of pointers:

If you want to connect to influxDB2 but use influxQL, you must first map a v2 bucket to a v1 dbrp object otherwise it will not work.

  1. create a bucket and take note of the bucketID
  2. create a mapping (not available in UI, use CLI):

         influx v1 dbrp create --bucket-id "bucketID" --db "mybucket" --rp "autogen" --default --org "myorg"

Next, disable ALL auth options:

We want to use a v2 token instead.

After you have created your token and granted it access to your bucket set the Custom HTTP Header:

    Header: Authorization
    Value: Token xyzPnhduwnkVltuwJTyXWcM33uzBWBhPRAEYTdhI0clAKZfZcZgMYUS_FJK4UkeQtXE54Mwg9rUrfEf3mSDEFXV==

^ note that the value must include the word "Token", followed by a space and then your actual token.

sniper0891 commented 2 years ago

First of all excuse me for the delay @faandg.

The precision of your procedures is nickel.

I was able to pick up on the subtlety that I had missed, but is it so unusual?

"Value: Token xyzPnhduwnkVltuwJTyXWcM33uzBWBhPRAEYTdhI0clAKZfZcZgMYUS_FJK4UkeQtXE54Mwg9rUrfEf3mSDEFXV == ^ note that the value must include the word "Token", followed by a space and then your actual token.

After adding the keyword "Token" followed by a "space" + the real key, it works perfectly with the monitoring models offered on the Grafana site for pfSense.

I thank you for the time given.

Have a good evening.

sniper0891 commented 2 years ago

I only have one last question:

If I want to do it with Flux and not InfluxQL, is it possible?

I believe that to this day the pfSense telegraf is still blocking this right?

What advantage if this is possible?

thanks in advance

faandg commented 2 years ago

I was able to pick up on the subtlety that I had missed, but is it so unusual?

"Value: Token xyzPnhduwnkVltuwJTyXWcM33uzBWBhPRAEYTdhI0clAKZfZcZgMYUS_FJK4UkeQtXE54Mwg9rUrfEf3mSDEFXV == ^ note that the value must include the word "Token", followed by a space and then your actual token.

After adding the keyword "Token" followed by a "space" + the real key, it works perfectly with the monitoring models offered on the Grafana site for pfSense.

It is not unusual because it is http header syntax but easy to miss. First time I was setting this up I missed it as well.

If I want to do it with Flux and not InfluxQL, is it possible?

Telegraf is not the issue, it simply sends data to influxdb. This dashboard and many others use InfluxQL queries to get data from influxDB. Edit a graph and you will see it.


Flux is a different query language (introduced starting influxdb 2.0) and not many people know it because it is still rather new.


Using Flux for the Grafana datasource will only work if the Grafana dashboard is built with Flux queries.

amacado commented 2 years ago

In addition to @faandg's response: For all people trying to set up the connection through the cloud provided influxdb V2 you can also use the API method for creating the bucket<>database mapping following this API request: https://docs.influxdata.com/influxdb/v2.0/query-data/influxql/?t=InfluxDB+API#map-unmapped-buckets

POST https://{...}.influxdata.com/api/v2/dbrps

{
    "bucketID": "XXX",
    "database": "XXX",
    "default": true,
    "orgID": "XXX",
    "retention_policy": "autogen"
}
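
The two preconditions from the answers above (a DBRP mapping for the bucket, and an `Authorization` value of the form `Token <token>`), checked in code before touching Grafana. This is an added example, not code from the thread or from InfluxDB or Grafana; the host, ids, token, function names and the `{"content": [...]}` listing shape are assumptions or placeholders.

```python
import json
import re
import urllib.request

# The form given in the thread: the word "Token", one space, then the token itself.
TOKEN_VALUE = re.compile(r"^Token (\S+)$")


def check_auth_header(value):
    """Return the problems found in a custom Authorization header value."""
    problems = []
    if value != value.strip():
        problems.append("leading or trailing whitespace")
    core = value.strip()
    if not core.startswith("Token "):
        problems.append('does not start with "Token " (the word, then one space)')
    elif not TOKEN_VALUE.match(core):
        problems.append("token part is empty or contains whitespace")
    return problems


def dbrp_request(base_url, auth_value, bucket_id, org_id, database, rp="autogen"):
    """Build, without sending, the POST /api/v2/dbrps request shown in the thread."""
    body = {"bucketID": bucket_id, "database": database, "default": True,
            "orgID": org_id, "retention_policy": rp}
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/v2/dbrps",
        data=json.dumps(body).encode(),
        headers={"Authorization": auth_value, "Content-Type": "application/json"},
        method="POST",
    )


def find_mapping(listing, database, rp="autogen"):
    """Look up database/rp in a parsed GET /api/v2/dbrps body (assumed shape)."""
    for mapping in listing.get("content", []):
        if mapping.get("database") == database and mapping.get("retention_policy") == rp:
            return mapping
    return None


def preflight(auth_value, listing, database, bucket_id):
    """Check the two preconditions named in the thread: header form and mapping."""
    problems = check_auth_header(auth_value)
    mapping = find_mapping(listing, database)
    if mapping is None:
        problems.append(f"no DBRP mapping for database {database!r}")
    elif mapping.get("bucketID") != bucket_id:
        problems.append(f"database {database!r} is mapped to another bucket")
    return problems


# Constructed sample data: ids, host and token are placeholders, not real values.
SAMPLE_LISTING = {"content": [{"id": "0000000000000001", "database": "pfsense",
                               "retention_policy": "autogen", "default": True,
                               "orgID": "ORG_ID_PLACEHOLDER",
                               "bucketID": "BUCKET_ID_PLACEHOLDER"}]}

if __name__ == "__main__":
    print(preflight("EXAMPLE_TOKEN==", SAMPLE_LISTING, "pfsense", "BUCKET_ID_PLACEHOLDER"))
    print(preflight("Token EXAMPLE_TOKEN==", SAMPLE_LISTING, "mybucket", "BUCKET_ID_PLACEHOLDER"))
    req = dbrp_request("http://influxdb.example:8086", "Token EXAMPLE_TOKEN==",
                       "BUCKET_ID_PLACEHOLDER", "ORG_ID_PLACEHOLDER", "pfsense")
    print(req.get_method(), req.full_url, req.data.decode())
```
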

lgwapnitsky commented 2 years ago

I only have one last question:

If I want to do it with Flux and not InfluxQL, is it possible?

I believe that to this day the pfSense telegraf is still blocking this right?

What advantage if this is possible?

thanks in advance

I've been working on redoing this in Flux. If someone would like to test it for me, that would be great. The only thing I can't test is temperature, as I'm running pfSense in a virtual machine

faandg commented 2 years ago

@lgwapnitsky Cool. Willing to test if you can send it to me and give me a couple days. I have an APU board with temperature sensors. Also some VPNs (Wireguard and IPSEC) might be interesting to test those as well. I can test pretty much everything shown on the dashboard except pfBlocker.

lgwapnitsky commented 2 years ago

@lgwapnitsky Cool. Willing to test if you can send it to me and give me a couple days. I have an APU board with temperature sensors. Also some VPNs (Wireguard and IPSEC) might be interesting to test those as well. I can test pretty much everything shown on the dashboard except pfBlocker.

I forked it. Currently on my personal repo

roudou commented 2 years ago

I only have one last question: If I want to do it with Flux and not InfluxQL, is it possible? I believe that to this day the pfSense telegraf is still blocking this right? What advantage if this is possible? thanks in advance

I've been working on redoing this in Flux. If someone would like to test it for me, that would be great. The only thing I can't test is temperature, as I'm running pfSense in a virtual machine

Good, I can test if you want

lgwapnitsky commented 2 years ago

I only have one last question: If I want to do it with Flux and not InfluxQL, is it possible? I believe that to this day the pfSense telegraf is still blocking this right? What advantage if this is possible? thanks in advance

I've been working on redoing this in Flux. If someone would like to test it for me, that would be great. The only thing I can't test is temperature, as I'm running pfSense in a virtual machine

Awesome! I still have some more work to do, fine-tuning of headers, and such

https://github.com/lgwapnitsky/pfSense-Dashboard/

faandg commented 2 years ago

I've been working on redoing this in Flux. If someone would like to test it for me, that would be great. The only thing I can't test is temperature, as I'm running pfSense in a virtual machine

@lgwapnitsky I'm able to run it partially after some tweaks. Found a couple of non-variable references to something it could not find [image]

Also had to remove the datasource instance filter, did not get any matches on my datasource names (might be related) [image]

and a bucket which is not mine: [image]

Good news: temperature seems to work (4 entries for 4 CPU cores) [image]

Could not get the traffic to work for some reason :/

lgwapnitsky commented 2 years ago

Ah, yes. Been doing cut and paste from influx data explorer.

As for the others, I'll keep plugging away. I've only been at this for a week, learning flux on the fly

lgwapnitsky commented 2 years ago

Are you running the net interface script on the pfsense box?

On Thu, Feb 10, 2022, 16:38 faandg @.***> wrote:

I've been working on redoing this in Flux. If someone would like to test it for me, that would be great. The only thing I can't test is temperature, as I'm running pfSense in a virtual machine

@lgwapnitsky https://github.com/lgwapnitsky I'm able to run it partially after some tweaks. Found a couple of non-variable references to something it could not find [image: image] https://user-images.githubusercontent.com/5772741/153497434-9ec23f44-e144-4051-9ab4-2f9a8e6380ce.png

Also had to remove the datasource instance filter, did not get any matches on my datasource names (might be related) [image: image] https://user-images.githubusercontent.com/5772741/153500421-47e18d8b-24a3-428b-b452-f8798d34fb8e.png

and a bucket which is not mine: [image: image] https://user-images.githubusercontent.com/5772741/153497402-d2b4063e-34d0-48b7-b981-4fd2936c892e.png

Good news: temperature seems to work (4 entries for 4 CPU cores) [image: image] https://user-images.githubusercontent.com/5772741/153498960-0aab8b16-7118-4185-9549-e3dc3cfe09ff.png

Could not get the interfaces to work for some reason :/


faandg commented 2 years ago

I am running these:

[[inputs.exec]]
    commands = [
        "/usr/local/bin/telegraf_pfifgw.php",
        "sh /usr/local/bin/telegraf_temperature.sh"
    ]
    data_format = "influx"

Same ones that are configured in your forked repository

lgwapnitsky commented 2 years ago

OK. I'll review my code tomorrow and verify. It does work on my system...

I think I know what it is. I adjusted the query, but didn't upload the adjusted json

On Thu, Feb 10, 2022, 17:11 faandg @.***> wrote:

I am running these:

[[inputs.exec]] commands = [ "/usr/local/bin/telegraf_pfifgw.php", "sh /usr/local/bin/telegraf_temperature.sh" ] data_format = "influx"

Same ones that are configured in your forked repository


lgwapnitsky commented 2 years ago

the datasource UID is unique to the setup. That's something I need to look into.

I adjusted the static mappings to my data source to reference the variable

See if the latest update fixes at least the interfaces for you. I have a 50ms load time on mine

lgwapnitsky commented 2 years ago

screencapture-10-150-100-11-3000-d-hxRS-8b7z-pfsense-2022-02-10-18_47_29

wrightsonm commented 2 years ago

@lgwapnitsky I have a 100% rewrite into flux if you are interested?

lgwapnitsky commented 2 years ago

@lgwapnitsky I have a 100% rewrite into flux if you are interested?

As do I

lgwapnitsky commented 2 years ago

more updates made to my repo ;)

wrightsonm commented 2 years ago

I made some changes to reduce the cardinality of the data that could be stored due to pfblocker. Discussed at the end of this thread:

https://forum.netgate.com/topic/152132/grafana-dashboard-using-telegraf-with-additional-plugins/163

It would appear I also need to convert tld from a tag to a field:

Query for the top chart:

import "influxdata/influxdb/v1"

cardinalityByTag = (bucket) =>
    v1.tagKeys(bucket: bucket)
        |> map(fn: (r) => ({
            tag: r._value,
            _value: if contains(set: ["_stop","_start"], value:r._value) then
                0
            else
                (v1.tagValues(bucket: bucket, tag: r._value,predicate: (r)=> r["_measurement"] =~ /${Measurements}/)
                    |> count()
                    |> findRecord(fn: (key) => true, idx: 0))._value
        }))
        |> group(columns:["tag"])
        |> sum()
        |> keep(columns: ["tag","_value"])

cardinalityByTag(bucket: "pfsense")

wrightsonm commented 2 years ago

@lgwapnitsky I have forked and committed my version of the dashboard. https://github.com/wrightsonm/pfSense-Dashboard

I downloaded your version to take a look and noticed that it has fewer variables set up on the dashboard. Yours has also made an assumption that datasource and bucket are the same thing.

I have taken some inspiration from your dashboard as I realised that I had a similar problem and had assumed the bucket name was "pfsense", so I have improved mine a bit so that you can select dataSource and then bucket which should hopefully be more adaptable to other setups. I also noticed that your disk utilization only shows 1 mount point on my system.

The rest of my dashboard is hopefully in-line with @VictorRobellini 's original design. I of course welcome feedback. One consideration I did have was migrating the dashboard to using grafonnet. This would give a dashboard-as-code and would make it more easily maintainable in the future.

I found that the performance of the ip_block_log database was impacted after I had been port scanned, or had a malicious actor attempting to hack me. This is why I changed the telegraf slightly:

https://github.com/wrightsonm/pfSense-Dashboard/commit/eefb0ebae83db506c68215abfb78e77b74f4d5b6
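
Why tagging client- or attacker-influenced values inflates the series count, as an added example (not code from any of the forks in this thread): it parses constructed dnsbl.log lines in the column order of the grok pattern quoted later on this page and counts series with that pattern's tags versus a reduced tag set. The reduced set, the sample lines and all function names are assumptions, and the parser assumes no commas inside a column.

```python
import itertools

# Column order follows the dnsbl.log grok pattern quoted further down this page;
# blocktype and blocksubtype share the first column ("DNSBL-python").
DNSBL_COLUMNS = ("blocktype", "timestamp", "domain", "src_ip", "req_agent",
                 "blockmethod", "blocklist", "tld", "feed_name", "duplicateeventstatus")

PATTERN_TAGS = ("src_ip", "blocklist", "tld", "feed_name")  # marked :tag in that pattern
REDUCED_TAGS = ("blocklist", "feed_name")  # assumption: src_ip and tld stored as fields


def parse_dnsbl(line):
    """Split one dnsbl.log line into named columns; None if the column count is off."""
    parts = line.rstrip("\n").split(",")
    if len(parts) != len(DNSBL_COLUMNS):
        return None
    return dict(zip(DNSBL_COLUMNS, parts))


def cardinality_by_tag(records, tags):
    """Distinct values per tag key, the figure the Flux query above charts."""
    return {tag: len({rec[tag] for rec in records}) for tag in tags}


def series_count(records, tags):
    """Distinct tag-value combinations, i.e. series the measurement would hold."""
    return len({tuple(rec[tag] for tag in tags) for rec in records})


def constructed_log(clients=40, tlds=("com", "net", "org", "io", "info", "biz", "xyz", "top")):
    """Constructed sample: every client hits one blocked domain under every TLD."""
    lines = [
        f"DNSBL-python,Feb 10 16:38:01,ads{n}.example.{tld},10.0.0.{n + 1},"
        f"Python,DNSBL,DNSBL_ADs,{tld},EasyList,+"
        for n, tld in itertools.product(range(clients), tlds)
    ]
    lines.append("DNSBL-python,Feb 10 16:38:02,truncated")  # malformed line, skipped
    return lines


def compare(lines):
    """Series count under the quoted pattern's tags versus the reduced tag set."""
    records = [rec for rec in map(parse_dnsbl, lines) if rec is not None]
    return {
        "records": len(records),
        "per_tag": cardinality_by_tag(records, PATTERN_TAGS),
        "series_pattern_tags": series_count(records, PATTERN_TAGS),
        "series_reduced_tags": series_count(records, REDUCED_TAGS),
    }


if __name__ == "__main__":
    for key, value in compare(constructed_log()).items():
        print(key, value)
```

Values that outside parties can vary at will (source addresses, queried domains) multiply the series count when stored as tags; as fields they add points to existing series instead.
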

lgwapnitsky commented 2 years ago

Great work. I have only been working at this for fewer than 2 weeks, so I have plenty to learn and add/adjust

faandg commented 2 years ago

For me that was indeed one of the problems to get it running: my datasource and bucket have different names, hence I have to make some tweaks.

@lgwapnitsky the updated json still does not show the panels for me ([no data] or [Data is missing a number field]). This might be due to the datasource/bucket mapping though. I'm also very tired right now so maybe I'm being stupid :)

@wrightsonm I'll check out your dash too when I find the time, looks like you've been working on it for some time. BTW, I think you are suffering from the same pfsense bug as me: your swap is at 100%, which is the first thing I noticed on my APU before there was no memory left. Check out the memory usage of the process 'pcscd'. If you don't have any IPSEC vpn's you can simply disable pcscd service until it's fixed in the next stable version.

lgwapnitsky commented 2 years ago

For me that was indeed one of the problems to get it running: my datasource and bucket have different names, hence I have to make some tweaks.

@lgwapnitsky the updated json still does not show the panels for me ([no data] or [Data is missing a number field]). This might be due to the datasource/bucket mapping though. I'm also very tired right now so maybe I'm being stupid :)

@wrightsonm I'll check out your dash too when I find the time, looks like you've been working on it for some time. BTW, I think you are suffering from the same pfsense bug as me: your swap is at 100%, which is the first thing I noticed on my APU before there was no memory left. Check out the memory usage of the process 'pcscd'. If you don't have any IPSEC vpn's you can simply disable pcscd service until it's fixed in the next stable version.

I'll be back to it next week, and I'll add the bucket/datasource change

Great work, all. Together we're doing great

wrightsonm commented 2 years ago

Good spot @faandg, I have lots of spare ram so fortunately this particular bug didn't affect me. I have stopped and disabled the service since it is not required and will await the next stable release. Looks like SWAP has been full for quite a while!

faandg commented 2 years ago

Thing is, I had the same stats as you in Grafana when unbound stopped due to memory issues. But in pfsense I was seeing a lot more memory usage (100%), so I opened https://github.com/VictorRobellini/pfSense-Dashboard/issues/57

lgwapnitsky commented 2 years ago

@faandg - I updated my json. Should be better now. I took some inspiration for some tweaks from @wrightsonm, so hopefully it's working better now.

I still have some work to do on long-range statistics, but I'm getting closer (I need more coffee, this morning)

roykrikke commented 2 years ago

@lgwapnitsky I have forked and committed my version of the dashboard. https://github.com/wrightsonm/pfSense-Dashboard

I downloaded your version to take a look and noticed that it has less variables setup on the dashboard. Yours has also made an assumption that datasource and bucket are the same thing. image

I have taken some inspiration from your dashboard as I realised that I had a similar problem and had assumed the bucket name was "pfsense", so I have improved mine a bit so that you can select dataSource and then bucket which should hopefully be more adaptable to other setups. I also noticed that your disk utilization is only shows 1 mount point on my system.

The rest of my dashboard is hopefully in-line with @VictorRobellini 's original design. I of course welcome feedback. One consideration i did have was migrating the dashboard to using graphonnet. this would give a dashboard-as-code and would make it more easily maintainable in the future.


I found that the performance of the ip_block_log database was impacted after I had been port scanned, or had a malicious actor attempting to hack me. this is why I changed the telegraf slightly:

wrightsonm@eefb0eb

wrightsonm I updated your json file where I came across the variable issue: bucket name was "pfsense", so I have improved the complete json to make the variables dependent as it should be. Just run a diff of your config in github to view the deltas. Btw. great work you did, I share my update so others can benefit as well.

pfSense-Grafana-Dashboard.json.txt

WildStar2022 commented 2 years ago

Awesome work guys! Thank you!

zyxep commented 1 year ago

Has anyone tested this with grafana 9 & influxdb 2.4?

faandg commented 1 year ago

Still works for me on Grafana 9.1.4 (latest) and influxdb 2.4.0 (latest)

zyxep commented 1 year ago

With some tiny modifications I got "all" panels to work :) except pfblocker (don't have that plugin) and ofc temp because we run virtual appliance.

I don't understand why WAN variable is custom field text though.

Wallace911 commented 1 week ago

@lgwapnitsky I have forked and committed my version of the dashboard. https://github.com/wrightsonm/pfSense-Dashboard I downloaded your version to take a look and noticed that it has less variables setup on the dashboard. Yours has also made an assumption that datasource and bucket are the same thing. image I have taken some inspiration from your dashboard as I realised that I had a similar problem and had assumed the bucket name was "pfsense", so I have improved mine a bit so that you can select dataSource and then bucket which should hopefully be more adaptable to other setups. I also noticed that your disk utilization is only shows 1 mount point on my system. The rest of my dashboard is hopefully in-line with @VictorRobellini 's original design. I of course welcome feedback. One consideration i did have was migrating the dashboard to using graphonnet. this would give a dashboard-as-code and would make it more easily maintainable in the future.


I found that the performance of the ip_block_log database was impacted after I had been port scanned, or had a malicious actor attempting to hack me. this is why I changed the telegraf slightly: wrightsonm@eefb0eb

wrightsonm I updated you json file where I came across the variable issue: bucket name was "pfsense", so I have improved the complate json to make the variables dependent as it should be. Just run a diff of your config in github to view the delta's. Btw. great work you did, I share my update so others can benefit as well.

pfSense-Grafana-Dashboard.json.txt

Hi man! Thanks for your work! It works but I have a little problem with some panels. There are the blocks of "Temperature Sensors", "pfBlocker Stats", "pfBlocker Details", "Unbound DNS Stats", "Network Stats" and "Wan Interface" where I can't see any data. My pfSense is virtualized on proxmox, I don't know if this is a problem. Can you help me to visualize the data?

warioishere commented 1 week ago

@lgwapnitsky I have forked and committed my version of the dashboard. https://github.com/wrightsonm/pfSense-Dashboard

I downloaded your version to take a look and noticed that it has less variables setup on the dashboard. Yours has also made an assumption that datasource and bucket are the same thing. image

I have taken some inspiration from your dashboard as I realised that I had a similar problem and had assumed the bucket name was "pfsense", so I have improved mine a bit so that you can select dataSource and then bucket which should hopefully be more adaptable to other setups. I also noticed that your disk utilization is only shows 1 mount point on my system.

The rest of my dashboard is hopefully in-line with @VictorRobellini 's original design. I of course welcome feedback. One consideration i did have was migrating the dashboard to using graphonnet. this would give a dashboard-as-code and would make it more easily maintainable in the future.


I found that the performance of the ip_block_log database was impacted after I had been port scanned, or had a malicious actor attempting to hack me. this is why I changed the telegraf slightly:

wrightsonm@eefb0eb

hi there, trying to use your dashboard, I get data on the interfaces and the system but no data on pfblocker dnsbl and ip.blocks

do I need to set something else on pfsense so telegraf is allowed to get this data? I use this block in my telegraf config:

[[outputs.influxdb_v2]]
  urls = ["http://172.16.0.4:8086"]
  token = "xxx"
  organization = "xxx"
  bucket = "pfsense"

[[inputs.exec]]
    commands = [
        "/usr/local/bin/telegraf_plugins/telegraf_pfifgw.php",
        "sh /usr/local/bin/telegraf_plugins/telegraf_temperature.sh"
    ]
    data_format = "influx"

[[inputs.tail]]
    files = ["/var/log/pfblockerng/dnsbl.log"]
    data_format = "grok"
    from_beginning = false
    name_suffix = "_dnsbl_log"
    grok_timezone = "Local"
    grok_patterns = ["^%{WORD:blocktype}-%{WORD:blocksubtype},%{SYSLOGTIMESTAMP:timestamp:ts-syslog},%{IPORHOST:domain},%{IPORHOST:src_ip:tag},%{GREEDYDATA:req_agent},%{WORD:blockmethod},%{WORD:blocklist:tag},%{IPORHOST:tld:tag},%{WORD:feed_name:tag},%{GREEDYDATA:duplicateeventstatus}"]

[[inputs.tail]]
    files = ["/var/log/pfblockerng/ip_block.log"]
    data_format = "grok"
    from_beginning = false
    name_suffix = "_ip_block_log"
    grok_timezone = "Local"
    grok_patterns = ["^%{SYSLOGTIMESTAMP:timestamp:ts-syslog},%{NUMBER:rulenum},%{DATA:interface},%{WORD:friendlyname},%{WORD:action},%{NUMBER:ip_version},%{NUMBER:protocolid},%{DATA:protocol:tag},%{IPORHOST:src_ip},%{IPORHOST:dest_ip},%{WORD:src_port},%{NUMBER:dest_port},%{WORD:direction},%{WORD:geoip_code:tag},%{DATA:ip_alias_name},%{DATA:ip_evaluated},%{DATA:feed_name:tag},%{HOSTNAME:resolvedhostname},%{GREEDYDATA:clienthostname},%{GREEDYDATA:ASN},%{GREEDYDATA:duplicateeventstatus}"]

[[inputs.unbound]]
    server = "127.0.0.1:953"
    binary = "/usr/local/bin/telegraf_plugins/telegraf_unbound.sh" 

any help would be greatly appreciated. Don't get data on those two with InfluxQL nor with Flux