github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-01 22:47:46 +00:00
Code Issues Projects Releases Wiki Activity

update(falco_metrics): change prometheus rules metric naming

Browse Source 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Melissa Kilby 2024-09-13 04:49:06 +00:00 committed by poiana
parent d1644079e9
commit d3c6a7478e
2 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
falco.yaml
View File

@ -1067,7 +1067,7 @@ syscall_event_drops:
# constant stats interval.
#
# `kernel_event_counters_per_cpu_enabled`: Detailed kernel event and drop counters
# per CPU. typically used when debugging and not in production.
# per CPU. Typically used when debugging and not in production.
#
# `libbpf_stats_enabled`: Exposes statistics similar to `bpftool prog show`,
# providing information such as the number of invocations of each BPF program

16
userspace/falco/falco_metrics.cpp
View File

@ -216,14 +216,14 @@ std::string falco_metrics::to_text(const falco::app::state& state)
if (count > 0)
{
/* Examples ...
# HELP falcosecurity_falco_rules_counters_total https://falco.org/docs/metrics/
# TYPE falcosecurity_falco_rules_counters_total counter
falcosecurity_falco_rules_counters_total{priority="4",rule_name="Read sensitive file untrusted",source="syscall",tags="T1555, container, filesystem, host, maturity_stable, mitre_credential_access"} 10
# HELP falcosecurity_falco_rules_counters_total https://falco.org/docs/metrics/
# TYPE falcosecurity_falco_rules_counters_total counter
falcosecurity_falco_rules_counters_total{priority="5",rule_name="Unexpected UDP Traffic",source="syscall",tags="TA0011, container, host, maturity_incubating, mitre_exfiltration, network"} 1
# HELP falcosecurity_falco_rules_matches_total https://falco.org/docs/metrics/
# TYPE falcosecurity_falco_rules_matches_total counter
falcosecurity_falco_rules_matches_total{priority="4",rule_name="Read sensitive file untrusted",source="syscall",tags="T1555, container, filesystem, host, maturity_stable, mitre_credential_access"} 10
# HELP falcosecurity_falco_rules_matches_total https://falco.org/docs/metrics/
# TYPE falcosecurity_falco_rules_matches_total counter
falcosecurity_falco_rules_matches_total{priority="5",rule_name="Unexpected UDP Traffic",source="syscall",tags="TA0011, container, host, maturity_incubating, mitre_exfiltration, network"} 1
*/
auto metric = libs::metrics::libsinsp_metrics::new_metric("rules_counters",
auto metric = libs::metrics::libsinsp_metrics::new_metric("rules_matches",
METRICS_V2_RULE_COUNTERS,
METRIC_VALUE_TYPE_U64,
METRIC_VALUE_UNIT_COUNT,
@ -300,7 +300,7 @@ std::string falco_metrics::to_text(const falco::app::state& state)
}
else if (strcmp(metric.name, "n_drops_buffer_total") == 0)
{
// Skip the libs aggregate metric since we distinguish between buffer drops using labels similar to the rules_counters
// Skip the libs aggregate metric since we distinguish between buffer drops using labels similar to the rules_matches
continue;
}
else if (strncmp(metric.name, "n_drops_buffer", 14) == 0) // prefix match