github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-20 09:27:47 +00:00
Code Issues Projects Releases Wiki Activity

update(falco_metrics): add kernel_event_counters_per_cpu_enabled config

Browse Source 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Melissa Kilby
2024-09-12 07:14:03 +00:00
committed by poiana
parent 2ceb6ecf0f
commit 9089262569
3 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
falco.yaml
View File

@@ -1066,6 +1066,9 @@ syscall_event_drops:
# counters reflect monotonic values since Falco's start and are exported at a # counters reflect monotonic values since Falco's start and are exported at a
# constant stats interval. # constant stats interval.
# #
# `kernel_event_counters_per_cpu_enabled`: Detailed kernel event and drop counters
# per CPU. typically used when debugging and not in production.
#
# `libbpf_stats_enabled`: Exposes statistics similar to `bpftool prog show`, # `libbpf_stats_enabled`: Exposes statistics similar to `bpftool prog show`,
# providing information such as the number of invocations of each BPF program # providing information such as the number of invocations of each BPF program
# attached by Falco and the time spent in each program measured in nanoseconds. # attached by Falco and the time spent in each program measured in nanoseconds.
@@ -1104,6 +1107,8 @@ metrics:
resource_utilization_enabled: true resource_utilization_enabled: true
state_counters_enabled: true state_counters_enabled: true
kernel_event_counters_enabled: true kernel_event_counters_enabled: true
# Enabling `kernel_event_counters_per_cpu_enabled` automatically enables `kernel_event_counters_enabled`
kernel_event_counters_per_cpu_enabled: false
libbpf_stats_enabled: true libbpf_stats_enabled: true
plugins_metrics_enabled: true plugins_metrics_enabled: true
convert_memory_to_mb: true convert_memory_to_mb: true

4
userspace/falco/configuration.cpp
View File

@@ -581,6 +581,10 @@ void falco_configuration::load_yaml(const std::string& config_name)
{ {
m_metrics_flags |= METRICS_V2_KERNEL_COUNTERS; m_metrics_flags |= METRICS_V2_KERNEL_COUNTERS;
} }
if (m_config.get_scalar<bool>("metrics.kernel_event_counters_per_cpu_enabled", true))
{
m_metrics_flags |= METRICS_V2_KERNEL_COUNTERS_PER_CPU;
}
if (m_config.get_scalar<bool>("metrics.libbpf_stats_enabled", true)) if (m_config.get_scalar<bool>("metrics.libbpf_stats_enabled", true))
{ {
m_metrics_flags |= METRICS_V2_LIBBPF_STATS; m_metrics_flags |= METRICS_V2_LIBBPF_STATS;

4
userspace/falco/stats_writer.cpp
View File

@@ -470,7 +470,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
m_writer->m_output_rule_metrics_converter->convert_metric_to_unit_convention(metric); m_writer->m_output_rule_metrics_converter->convert_metric_to_unit_convention(metric);
} }
char metric_name[METRIC_NAME_MAX] = "falco."; char metric_name[METRIC_NAME_MAX] = "falco.";
if((metric.flags & METRICS_V2_LIBBPF_STATS) || (metric.flags & METRICS_V2_KERNEL_COUNTERS) ) if((metric.flags & METRICS_V2_LIBBPF_STATS) || (metric.flags & METRICS_V2_KERNEL_COUNTERS) || (metric.flags & METRICS_V2_KERNEL_COUNTERS_PER_CPU) )
{ {
strlcpy(metric_name, "scap.", sizeof(metric_name)); strlcpy(metric_name, "scap.", sizeof(metric_name));
} }
@@ -600,7 +600,7 @@ void stats_writer::collector::collect(const std::shared_ptr<sinsp>& inspector, c
// Note: src is static for live captures // Note: src is static for live captures
if (src != falco_common::syscall_source) if (src != falco_common::syscall_source)
{ {
flags &= ~(METRICS_V2_KERNEL_COUNTERS | METRICS_V2_STATE_COUNTERS | METRICS_V2_LIBBPF_STATS); flags &= ~(METRICS_V2_KERNEL_COUNTERS | METRICS_V2_KERNEL_COUNTERS_PER_CPU | METRICS_V2_STATE_COUNTERS | METRICS_V2_LIBBPF_STATS);
} }
m_writer->m_libs_metrics_collector = std::make_unique<libs::metrics::libs_metrics_collector>(inspector.get(), flags); m_writer->m_libs_metrics_collector = std::make_unique<libs::metrics::libs_metrics_collector>(inspector.get(), flags);