mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-31 06:01:52 +00:00
cleanup(userspace/falco): add more fields to metrics
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
parent
e37027a1d0
commit
f0ac327f98
@ -632,7 +632,7 @@ base_syscalls:
|
||||
# Emit kernel side event and drop counters, compare to `syscall_event_drops`,
|
||||
# however this option reflects monotonic counters since Falco start,
|
||||
# exported at a constant stats interval and therefore can be regarded as an alternative.
|
||||
# kernel event conters are prefixed with `n_` e.g. `n_evts`, `n_drops`, `n_drops_buffer_total` ...
|
||||
# kernel event counters are prefixed with `n_` e.g. `n_evts`, `n_drops`, `n_drops_buffer_total` ...
|
||||
#
|
||||
# `libbpf_stats_enabled`:
|
||||
# Exposes `bpftool prog show` like stats, e.g. number of invocations
|
||||
|
@ -168,6 +168,7 @@ std::map<std::string, std::string> stats_writer::collector::get_metrics_output_f
|
||||
output_fields["evt.time"] = std::to_string(now); /* Some ETLs may prefer a consistent timestamp within output_fields. */
|
||||
output_fields["falco_version"] = FALCO_VERSION;
|
||||
output_fields["falco_start_ts"] = std::to_string(agent_info->start_ts_epoch);
|
||||
output_fields["falco_duration_sec"] = std::to_string((now - agent_info->start_ts_epoch) / ONE_SECOND_IN_NS);
|
||||
output_fields["kernel_release"] = agent_info->uname_r;
|
||||
output_fields["host_boot_ts"] = std::to_string(machine_info->boot_ts_epoch);
|
||||
output_fields["hostname"] = machine_info->hostname; /* Explicitly add hostname to log msg in case hostname rule output field is disabled. */
|
||||
|
Loading…
Reference in New Issue
Block a user