mirror of
https://github.com/falcosecurity/falco.git
synced 2025-08-31 06:10:45 +00:00
update(falco_metrics): rearrange evts and drops prometheus metrics
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
@@ -73,12 +73,12 @@ TEST(FalcoUtils, parse_prometheus_interval)
|
||||
ASSERT_EQ(falco::utils::parse_prometheus_interval("200"), 0UL);
|
||||
}
|
||||
|
||||
TEST(FalcoUtils, sanitize_metric_name)
|
||||
TEST(FalcoUtils, sanitize_rule_name)
|
||||
{
|
||||
ASSERT_EQ(falco::utils::sanitize_metric_name("Testing rule 2 (CVE-2244)"), "Testing_rule_2_CVE_2244");
|
||||
ASSERT_EQ(falco::utils::sanitize_metric_name("Testing rule__:2)"), "Testing_rule_:2");
|
||||
ASSERT_EQ(falco::utils::sanitize_metric_name("This@is_a$test rule123"), "This_is_a_test_rule123");
|
||||
ASSERT_EQ(falco::utils::sanitize_metric_name("RULEwith:special#characters"), "RULEwith:special_characters");
|
||||
ASSERT_EQ(falco::utils::sanitize_rule_name("Testing rule 2 (CVE-2244)"), "Testing_rule_2_CVE_2244");
|
||||
ASSERT_EQ(falco::utils::sanitize_rule_name("Testing rule__:2)"), "Testing_rule_:2");
|
||||
ASSERT_EQ(falco::utils::sanitize_rule_name("This@is_a$test rule123"), "This_is_a_test_rule123");
|
||||
ASSERT_EQ(falco::utils::sanitize_rule_name("RULEwith:special#characters"), "RULEwith:special_characters");
|
||||
}
|
||||
|
||||
TEST(FalcoUtils, matches_wildcard)
|
||||
|
@@ -151,7 +151,7 @@ std::string calculate_file_sha256sum(const std::string& filename)
|
||||
}
|
||||
#endif
|
||||
|
||||
std::string sanitize_metric_name(const std::string& name)
|
||||
std::string sanitize_rule_name(const std::string& name)
|
||||
{
|
||||
std::string sanitized_name = name;
|
||||
RE2::GlobalReplace(&sanitized_name, "[^a-zA-Z0-9_:]", "_");
|
||||
|
@@ -31,7 +31,7 @@ uint64_t parse_prometheus_interval(std::string interval_str);
|
||||
std::string calculate_file_sha256sum(const std::string& filename);
|
||||
#endif
|
||||
|
||||
std::string sanitize_metric_name(const std::string& name);
|
||||
std::string sanitize_rule_name(const std::string& name);
|
||||
|
||||
std::string wrap_text(const std::string& in, uint32_t indent, uint32_t linelen);
|
||||
|
||||
|
@@ -15,6 +15,8 @@ See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
#include <re2/re2.h>
|
||||
|
||||
#include "falco_metrics.h"
|
||||
|
||||
#include "falco_utils.h"
|
||||
@@ -246,21 +248,68 @@ std::string falco_metrics::to_text(const falco::app::state& state)
|
||||
for (auto& metric: metrics_snapshot)
|
||||
{
|
||||
prometheus_metrics_converter.convert_metric_to_unit_convention(metric);
|
||||
std::string namespace_name = "scap";
|
||||
std::string prometheus_subsystem = "scap";
|
||||
|
||||
if (metric.flags & METRICS_V2_RESOURCE_UTILIZATION || metric.flags & METRICS_V2_KERNEL_COUNTERS)
|
||||
{
|
||||
namespace_name = "falco";
|
||||
prometheus_subsystem = "falco";
|
||||
}
|
||||
|
||||
if (metric.flags & METRICS_V2_PLUGINS)
|
||||
{
|
||||
namespace_name = "plugins";
|
||||
prometheus_subsystem = "plugins";
|
||||
}
|
||||
|
||||
prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric, "falcosecurity", namespace_name);
|
||||
if (strncmp(metric.name, "n_evts_cpu", 10) == 0 || strncmp(metric.name, "n_drops_cpu", 11) == 0) // prefix match
|
||||
{
|
||||
std::string name_str(metric.name);
|
||||
re2::RE2 pattern("(\\d+)");
|
||||
std::string cpu_number;
|
||||
if (re2::RE2::PartialMatch(name_str, pattern, &cpu_number))
|
||||
{
|
||||
re2::RE2::GlobalReplace(&name_str, pattern, "");
|
||||
auto metric_new = libs::metrics::libsinsp_metrics::new_metric(name_str.c_str(),
|
||||
METRICS_V2_KERNEL_COUNTERS, // todo replace with new METRICS_V2_KERNEL_COUNTERS_PER_CPU after bumping libs the next time
|
||||
METRIC_VALUE_TYPE_U64,
|
||||
METRIC_VALUE_UNIT_COUNT,
|
||||
METRIC_VALUE_METRIC_TYPE_MONOTONIC,
|
||||
metric.value.u64);
|
||||
const std::map<std::string, std::string>& const_labels = {
|
||||
{"cpu", cpu_number}
|
||||
};
|
||||
prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_new, "falcosecurity", prometheus_subsystem, const_labels);
|
||||
}
|
||||
}
|
||||
else if (strncmp(metric.name, "n_drops_buffer_total", 21) == 0) // exact match
|
||||
{
|
||||
continue;
|
||||
}
|
||||
else if (strncmp(metric.name, "n_drops_buffer", 14) == 0) // prefix match
|
||||
{
|
||||
re2::RE2 pattern("n_drops_buffer_([^_]+(?:_[^_]+)*)_(enter|exit)$");
|
||||
std::string drop;
|
||||
std::string dir;
|
||||
std::string name_str(metric.name);
|
||||
if (re2::RE2::FullMatch(name_str, pattern, &drop, &dir))
|
||||
{
|
||||
auto metric_new = libs::metrics::libsinsp_metrics::new_metric("n_drops_buffer",
|
||||
METRICS_V2_KERNEL_COUNTERS,
|
||||
METRIC_VALUE_TYPE_U64,
|
||||
METRIC_VALUE_UNIT_COUNT,
|
||||
METRIC_VALUE_METRIC_TYPE_MONOTONIC,
|
||||
metric.value.u64);
|
||||
const std::map<std::string, std::string>& const_labels = {
|
||||
{"drop", drop},
|
||||
{"dir", dir}
|
||||
};
|
||||
prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_new, "falcosecurity", prometheus_subsystem, const_labels);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric, "falcosecurity", prometheus_subsystem);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
return prometheus_text;
|
||||
}
|
||||
|
@@ -346,7 +346,7 @@ void stats_writer::collector::get_metrics_output_fields_wrapper(
|
||||
{
|
||||
fs::path fs_path = item.first;
|
||||
std::string metric_name_file_sha256 = fs_path.filename().stem();
|
||||
metric_name_file_sha256 = "falco.sha256_rules_file." + falco::utils::sanitize_metric_name(metric_name_file_sha256);
|
||||
metric_name_file_sha256 = "falco.sha256_rules_file." + falco::utils::sanitize_rule_name(metric_name_file_sha256);
|
||||
output_fields[metric_name_file_sha256] = item.second;
|
||||
}
|
||||
|
||||
@@ -354,7 +354,7 @@ void stats_writer::collector::get_metrics_output_fields_wrapper(
|
||||
{
|
||||
fs::path fs_path = item.first;
|
||||
std::string metric_name_file_sha256 = fs_path.filename().stem();
|
||||
metric_name_file_sha256 = "falco.sha256_config_file." + falco::utils::sanitize_metric_name(metric_name_file_sha256);
|
||||
metric_name_file_sha256 = "falco.sha256_config_file." + falco::utils::sanitize_rule_name(metric_name_file_sha256);
|
||||
output_fields[metric_name_file_sha256] = item.second;
|
||||
}
|
||||
|
||||
@@ -434,7 +434,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
|
||||
continue;
|
||||
}
|
||||
auto rule = rules.at(i);
|
||||
std::string rules_metric_name = "falco.rules." + falco::utils::sanitize_metric_name(rule->name);
|
||||
std::string rules_metric_name = "falco.rules." + falco::utils::sanitize_rule_name(rule->name);
|
||||
output_fields[rules_metric_name] = rule_count;
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user