Synproxy Telegraf Input Plugin
Powerful performance with an easy integration, powered by Telegraf, the open source data connector built by InfluxData.
Powerful Performance, Limitless Scale
Collect, organize, and act on massive volumes of high-velocity data. Any data is more valuable when you think of it as time series data with InfluxDB, the #1 time series platform built to scale with Telegraf.
See Ways to Get Started
Synproxy is a netfilter module included in Linux kernels since version 3.12. It's used to protect Transmission Control Protocol (TCP) servers from attacks such as SYN floods. A SYN flood is when an attacker repeatedly requests a connection with a server and does not finalize the connection. These unresolved connections can overload the server, which then becomes very slow or even shuts down. Synproxy acts as an intermediary and connects clients and servers only when a legitimate client sends a complete request. It passes valid connections through and stops attacks without affecting the server. You can use Synproxy with encrypted and unencrypted TCP traffic because it doesn't affect content.
Why use a Telegraf plugin for Synproxy?
The Synproxy Telegraf Input Plugin captures counters from Synproxy including invalid cookies, cookies retransmitted, valid cookies, entries, SYN received, and connections reopened. Using this plugin allows you to monitor the attacks that Synproxy stops from going through to your server. Knowing statistics like how many connections Synproxy intercepts gives you a more complete picture of your security status. In the event of a server attack, this information can help you investigate and stop future security problems.
How to monitor Synproxy using the Telegraf plugin
The Synproxy Telegraf Input Plugin is very simple to use as it doesn't require any configuration. You can use queries to monitor the performance of Synproxy on your network and analyze metrics such as the number of connections reopened per hour for the last day. This plugin makes it easy to keep track of metrics as you use Synproxy to protect your TCP server from SYN floods and other similar attacks.
Key Synproxy metrics to use for monitoring
Some of the important Synproxy metrics that you should proactively monitor include:
- Synproxy
  - Fields:
    - cookie_invalid (uint32, packets, counter) - Invalid cookies
    - cookie_retrans (uint32, packets, counter) - Cookies retransmitted
    - cookie_valid (uint32, packets, counter) - Valid cookies
    - entries (uint32, packets, counter) - Entries
    - syn_received (uint32, packets, counter) - SYN received
    - conn_reopened (uint32, packets, counter) - Connections reopened
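Because every field above is a cumulative uint32 counter, an attack shows up in the difference between two samples rather than in the raw values. The following is an added example, not code from Telegraf or InfluxData: it assumes the counters are read from the kernel's `/proc/net/stat/synproxy` in the layout of the constructed samples (a header row, then one row of hexadecimal counters per CPU), and the thresholds in `looks_like_syn_flood` are hypothetical.

```python
FIELDS = ("entries", "syn_received", "cookie_invalid",
          "cookie_valid", "cookie_retrans", "conn_reopened")
U32 = 2 ** 32  # the page lists every field as a uint32 counter

# Constructed samples taken 10 s apart. Assumed layout: header row, then one
# row of hexadecimal counters per CPU (here 2 CPUs; CPU0's syn_received wraps).
HEADER = "entries\t\tsyn_received\tcookie_invalid\tcookie_valid\tcookie_retrans\tconn_reopened\n"
SAMPLE_T0 = HEADER + (
    "00000000\tfffff000\t00000002\t00000100\t00000000\t00000000\n"
    "00000000\t00000800\t00000001\t00000080\t00000000\t00000001\n")
SAMPLE_T1 = HEADER + (
    "00000000\t00009000\t00000012\t00000120\t00000000\t00000000\n"
    "00000000\t00001000\t0000000a\t00000090\t00000000\t00000001\n")


def parse_synproxy(text):
    """Sum the per-CPU rows into one uint32 total per field."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    if not rows or sorted(rows[0]) != sorted(FIELDS):
        raise ValueError("unexpected synproxy header")
    header, totals = rows[0], dict.fromkeys(FIELDS, 0)
    for row in rows[1:]:
        if len(row) != len(header):
            raise ValueError("short or long counter row")
        for name, value in zip(header, row):
            totals[name] = (totals[name] + int(value, 16)) % U32
    return totals


def delta(prev, curr):
    """Per-field increase between two samples, tolerating uint32 wraparound."""
    return {name: (curr[name] - prev[name]) % U32 for name in FIELDS}


def looks_like_syn_flood(d, interval_s, min_syn_rate=1000.0, max_valid_ratio=0.1):
    """Hypothetical rule: many SYNs per second, few completing with a valid cookie."""
    syn = d["syn_received"]
    valid_ratio = d["cookie_valid"] / syn if syn else 1.0
    return syn / interval_s >= min_syn_rate and valid_ratio <= max_valid_ratio


if __name__ == "__main__":
    d = delta(parse_synproxy(SAMPLE_T0), parse_synproxy(SAMPLE_T1))
    print(d, looks_like_syn_flood(d, interval_s=10))
```

The modular subtraction in `delta` covers a single counter wrap between samples; a counter reset, for example after a reboot, would need separate handling.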