github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-01 14:37:49 +00:00
Code Issues Projects Releases Wiki Activity

cleanup(metrics): improve comments

Browse Source 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Melissa Kilby 2024-05-14 19:20:05 +00:00 committed by poiana
parent 0195dba889
commit aa021537d9
2 changed files with 70 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
userspace/falco/falco_metrics.cpp
View File

@ -66,6 +66,8 @@ std::string falco_metrics::to_text(const falco::app::state& state)
for (auto* inspector: inspectors)
{
// Falco wrapper metrics
//
for (size_t i = 0; i < sizeof(all_driver_engines) / sizeof(const char*); i++)
{
if (inspector->check_current_engine(all_driver_engines[i]))
@ -106,18 +108,64 @@ std::string falco_metrics::to_text(const falco::app::state& state)
{
prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("evt_source", "falcosecurity", "falco", {{"evt_source", source}});
}
std::vector<metrics_v2> falco_metrics;
std::vector<metrics_v2> additional_wrapper_metrics;
additional_wrapper_metrics.emplace_back(libs_metrics_collector.new_metric("start_ts",
METRICS_V2_MISC,
METRIC_VALUE_TYPE_U64,
METRIC_VALUE_UNIT_TIME_TIMESTAMP_NS,
METRIC_VALUE_METRIC_TYPE_NON_MONOTONIC_CURRENT,
agent_info->start_ts_epoch));
additional_wrapper_metrics.emplace_back(libs_metrics_collector.new_metric("host_boot_ts",
METRICS_V2_MISC,
METRIC_VALUE_TYPE_U64,
METRIC_VALUE_UNIT_TIME_TIMESTAMP_NS,
METRIC_VALUE_METRIC_TYPE_NON_MONOTONIC_CURRENT,
machine_info->boot_ts_epoch));
additional_wrapper_metrics.emplace_back(libs_metrics_collector.new_metric("host_num_cpus",
METRICS_V2_MISC,
METRIC_VALUE_TYPE_U32,
METRIC_VALUE_UNIT_COUNT,
METRIC_VALUE_METRIC_TYPE_NON_MONOTONIC_CURRENT,
machine_info->num_cpus));
additional_wrapper_metrics.emplace_back(libs_metrics_collector.new_metric("outputs_queue_num_drops",
METRICS_V2_MISC,
METRIC_VALUE_TYPE_U64,
METRIC_VALUE_UNIT_COUNT,
METRIC_VALUE_METRIC_TYPE_MONOTONIC,
state.outputs->get_outputs_queue_num_drops()));
auto now = std::chrono::duration_cast<std::chrono::nanoseconds>(std::chrono::system_clock::now().time_since_epoch()).count();
additional_wrapper_metrics.emplace_back(libs_metrics_collector.new_metric("duration_sec",
METRICS_V2_MISC,
METRIC_VALUE_TYPE_U64,
METRIC_VALUE_UNIT_TIME_S_COUNT,
METRIC_VALUE_METRIC_TYPE_MONOTONIC,
(uint64_t)((now - agent_info->start_ts_epoch) / ONE_SECOND_IN_NS)));
for (auto metric: additional_wrapper_metrics)
{
prometheus_metrics_converter.convert_metric_to_unit_convention(metric);
prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric, "falcosecurity", "falco");
}
// Falco metrics categories
//
// rules_counters_enabled
if(state.config->m_metrics_flags & METRICS_V2_RULE_COUNTERS)
{
const stats_manager& rule_stats_manager = state.engine->get_rule_stats_manager();
const indexed_vector<falco_rule>& rules = state.engine->get_rules();
falco_metrics.emplace_back(libs_metrics_collector.new_metric("rules.matches_total",
auto metric = libs_metrics_collector.new_metric("rules.matches_total",
METRICS_V2_RULE_COUNTERS,
METRIC_VALUE_TYPE_U64,
METRIC_VALUE_UNIT_COUNT,
METRIC_VALUE_METRIC_TYPE_MONOTONIC,
rule_stats_manager.get_total().load()));
rule_stats_manager.get_total().load());
prometheus_metrics_converter.convert_metric_to_unit_convention(metric);
prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric, "falcosecurity", "falco");
for (size_t i = 0; i < rule_stats_manager.get_by_rule_id().size(); i++)
{
auto rule = rules.at(i);
@ -138,50 +186,14 @@ std::string falco_metrics::to_text(const falco::app::state& state)
prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric, "falcosecurity", "falco", const_labels);
}
}
falco_metrics.emplace_back(libs_metrics_collector.new_metric("start_ts",
METRICS_V2_MISC,
METRIC_VALUE_TYPE_U64,
METRIC_VALUE_UNIT_TIME_TIMESTAMP_NS,
METRIC_VALUE_METRIC_TYPE_NON_MONOTONIC_CURRENT,
agent_info->start_ts_epoch));
falco_metrics.emplace_back(libs_metrics_collector.new_metric("host_boot_ts",
METRICS_V2_MISC,
METRIC_VALUE_TYPE_U64,
METRIC_VALUE_UNIT_TIME_TIMESTAMP_NS,
METRIC_VALUE_METRIC_TYPE_NON_MONOTONIC_CURRENT,
machine_info->boot_ts_epoch));
falco_metrics.emplace_back(libs_metrics_collector.new_metric("host_num_cpus",
METRICS_V2_MISC,
METRIC_VALUE_TYPE_U32,
METRIC_VALUE_UNIT_COUNT,
METRIC_VALUE_METRIC_TYPE_NON_MONOTONIC_CURRENT,
machine_info->num_cpus));
falco_metrics.emplace_back(libs_metrics_collector.new_metric("outputs_queue_num_drops",
METRICS_V2_MISC,
METRIC_VALUE_TYPE_U64,
METRIC_VALUE_UNIT_COUNT,
METRIC_VALUE_METRIC_TYPE_MONOTONIC,
state.outputs->get_outputs_queue_num_drops()));
auto now = std::chrono::duration_cast<std::chrono::nanoseconds>(std::chrono::system_clock::now().time_since_epoch()).count();
falco_metrics.emplace_back(libs_metrics_collector.new_metric("duration_sec",
METRICS_V2_MISC,
METRIC_VALUE_TYPE_U64,
METRIC_VALUE_UNIT_TIME_S_COUNT,
METRIC_VALUE_METRIC_TYPE_MONOTONIC,
(uint64_t)((now - agent_info->start_ts_epoch) / ONE_SECOND_IN_NS)));
for (auto metric: falco_metrics)
{
prometheus_metrics_converter.convert_metric_to_unit_convention(metric);
prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric, "falcosecurity", "falco");
}
}
// Libs metrics categories
//
// resource_utilization_enabled
// state_counters_enabled
// kernel_event_counters_enabled
// libbpf_stats_enabled
for (auto metrics_collector: metrics_collectors)
{
metrics_collector.snapshot();

13
userspace/falco/stats_writer.cpp
View File

@ -320,6 +320,9 @@ void stats_writer::collector::get_metrics_output_fields_wrapper(
const scap_agent_info* agent_info = inspector->get_agent_info();
const scap_machine_info* machine_info = inspector->get_machine_info();
// Falco wrapper metrics
//
/* Wrapper fields useful for statistical analyses and attributions. Always enabled. */
output_fields["evt.time"] = now; /* Some ETLs may prefer a consistent timestamp within output_fields. */
output_fields["falco.version"] = FALCO_VERSION;
@ -373,6 +376,9 @@ void stats_writer::collector::get_metrics_output_fields_additional(
nlohmann::json& output_fields,
double stats_snapshot_time_delta_sec)
{
// Falco metrics categories
//
// rules_counters_enabled
if(m_writer->m_config->m_metrics_flags & METRICS_V2_RULE_COUNTERS)
{
const stats_manager& rule_stats_manager = m_writer->m_engine->get_rule_stats_manager();
@ -393,6 +399,13 @@ void stats_writer::collector::get_metrics_output_fields_additional(
#if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
if (m_writer->m_libs_metrics_collector && m_writer->m_output_rule_metrics_converter)
{
// Libs metrics categories
//
// resource_utilization_enabled
// state_counters_enabled
// kernel_event_counters_enabled
// libbpf_stats_enabled
// Refresh / New snapshot
m_writer->m_libs_metrics_collector->snapshot();
auto metrics_snapshot = m_writer->m_libs_metrics_collector->get_metrics();