github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-05 08:40:52 +00:00
Code Issues Projects Releases Wiki Activity

refactor(userspace/engine): leverage falco_rule def in stats manager

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce
2022-05-23 10:03:22 +00:00
committed by poiana
parent 50c2aa9c81
commit 833fec8537
2 changed files with 11 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
userspace/engine/stats_manager.cpp
View File

@@ -38,10 +38,9 @@ void stats_manager::clear()
void stats_manager::format(
const indexed_vector<falco_rule>& rules,
string& out)
string& out) const
{
string fmt;
string name;
out = "Events detected: " + to_string(m_total) + "\n";
out += "Rule counts by severity:\n";
for (size_t i = 0; i < m_by_priority.size(); i++)
@@ -66,27 +65,17 @@ void stats_manager::format(
}
}
void stats_manager::on_event(
const indexed_vector<falco_rule>& rules,
uint32_t rule_id)
void stats_manager::on_event(const falco_rule& rule)
{
auto *rule = rules.at(rule_id);
if (!rule)
if (m_by_rule_id.size() <= rule.id)
{
throw falco_exception(
"on_event(): event with invalid rule_id: " + rule_id);
m_by_rule_id.resize(rule.id + 1, (uint64_t) 0);
}
if (m_by_rule_id.size() <= rule_id)
if (m_by_priority.size() <= (size_t) rule.priority)
{
m_by_rule_id.resize(rule_id + 1);
m_by_rule_id[rule_id] = 0;
}
if (m_by_priority.size() <= (size_t) rule->priority)
{
m_by_priority.resize((size_t) rule->priority + 1);
m_by_priority[(size_t) rule->priority] = 0;
m_by_priority.resize((size_t) rule.priority + 1, (uint64_t) 0);
}
m_total++;
m_by_rule_id[rule_id]++;
m_by_priority[(size_t) rule->priority]++;
m_by_rule_id[rule.id]++;
m_by_priority[(size_t) rule.priority]++;
}

8
userspace/engine/stats_manager.h
View File

@@ -36,18 +36,16 @@ public:
virtual void clear();
/*!
\brief Callback for when a rule with a given index matches an event
\brief Callback for when a given rule matches an event
*/
virtual void on_event(
const indexed_vector<falco_rule>& rules,
uint32_t index);
virtual void on_event(const falco_rule& rule);
/*!
\brief Formats the internal statistics into the out string
*/
virtual void format(
const indexed_vector<falco_rule>& rules,
std::string& out);
std::string& out) const;
private:
uint64_t m_total;