By default, Telegraf doesn't log. It can be enabled in the config file located at
/etc/telegraf/telegraf.conf on Debian Linux.
Authentication errors will not show up until
logfile is set in the
[agent] block. When that is set to something like
logfile = /var/log/telegraf/telegraf.log
then authentication errors produce an http error code, such as
[outputs.influxdb] when writing to [http://127.0.0.1:8086]: database "" creation failed: 401 Unauthorized [outputs.influxdb] when writing to [http://127.0.0.1:8086]: 401 Unauthorized: authorization failed [agent] Error writing to output [influxdb]: could not write any address
Cannot connect to influxdb server shows:
[agent] Error writing to output [influxdb]: could not write any address
Why am I seeing omniorb in netstat/sockstat?
InfluxDB listens on port 8088 for backup and restore. When looking at netstat or ss (sockstat) you will see something like this:
tcp 0 0 localhost:omniorb 0.0.0.0:* LISTEN
Port 8088 is assigned to OmniOrb by IANA (Internet Assigned Numbers Authority). InfluxDB also uses this port. See man services for more information. Operating system updates may overwrite this file so it is better to not edit it.
As noted on the Authentication and authorization page, unless you create an Admin account (directions here), even if you enable Authentication it will still allow an authenticated or anonymous user to login but the only command they can run is the creation of an admin account. When authentication is enabled on InfluxDB by setting
auth-enabled = true in the
[http] block in the config file
/etc/influxdb/influx.conf you can still connect via the CLI, even remotely, but you receive an error when running commands that looks like this:
$ influx Connected to http://localhost:8086 version 1.7.4 InfluxDB shell version: 1.7.4 Enter an InfluxQL query > SHOW USERS ERR: unable to parse authentication credentials Warning: It is possible this error is due to not setting a database. Please set a database with the command "use <database>". > USE telegraf ERR: unable to parse authentication credentials DB does not exist!
Unauthenticated remote influx connections to port 8086 (the same port Telegraf reports to) do not appear to have a timeout, I left one connection from a remote machine open for 24 hours with no activity and it still had an established connection; even with
http-timeout = "30" set in the config. It is probably a good idea to work out a max-connections or use a firewall to only permit connections from known hosts. This issue was noted on their gihthub issues and was chosen to be ignored due to clients potentially resuing connections.
With iptables, a rule limiting the number of concurrent connections on that port to 10 would work looks something like this:
root@debian:~# iptables -A INPUT -p tcp --syn --dport 8086 -m connlimit --connlimit-above 10 -j REJECT
That also depends on the other rules before it and may cause unexpected behavior, be sure to test this properly before using in production.