From f2da4e3eac16e198cb40fc6673310f51ab373f6a Mon Sep 17 00:00:00 2001 From: Thomas Labarussias Date: Thu, 12 Sep 2024 15:27:20 +0200 Subject: [PATCH] improve the name of the prometheus metrics to follow the best practice and the naming convention chosen by Falco Signed-off-by: Thomas Labarussias --- handlers.go | 10 +++++++++- outputs/awssecuritylake.go | 2 +- outputs/policyreport.go | 2 +- outputs/spyderbat.go | 2 +- stats_prometheus.go | 9 ++++++--- stats_prometheus_test.go | 4 ++-- 6 files changed, 20 insertions(+), 9 deletions(-) diff --git a/handlers.go b/handlers.go index b5669393c..3163f5dd1 100644 --- a/handlers.go +++ b/handlers.go @@ -10,6 +10,7 @@ import ( "log" "net/http" "sort" + "strconv" "strings" "text/template" "time" @@ -156,7 +157,14 @@ func newFalcoPayload(payload io.Reader) (types.FalcoPayload, error) { nullClient.CountMetric("falco.accepted", 1, []string{"priority:" + falcopayload.Priority.String()}) stats.Falco.Add(strings.ToLower(falcopayload.Priority.String()), 1) - promLabels := map[string]string{"rule": falcopayload.Rule, "priority": falcopayload.Priority.String(), "source": falcopayload.Source, "k8s_ns_name": kn, "k8s_pod_name": kp} + promLabels := map[string]string{ + "rule": falcopayload.Rule, + "priority_raw": strings.ToLower(falcopayload.Priority.String()), + "priority": strconv.Itoa(int(falcopayload.Priority)), + "source": falcopayload.Source, + "k8s_ns_name": kn, + "k8s_pod_name": kp, + } if falcopayload.Hostname != "" { promLabels["hostname"] = falcopayload.Hostname } else { diff --git a/outputs/awssecuritylake.go b/outputs/awssecuritylake.go index 0870cf80c..97cf5ced4 100644 --- a/outputs/awssecuritylake.go +++ b/outputs/awssecuritylake.go @@ -217,7 +217,7 @@ func (c *Client) StartSecurityLakeWorker() { continue } - time.Sleep(time.Duration(c.Config.AWS.SecurityLake.Interval) * time.Minute) + time.Sleep(time.Duration(c.Config.AWS.SecurityLake.Interval) * time.Minute) //nolint:gosec // disable G115 } } diff --git a/outputs/policyreport.go b/outputs/policyreport.go index cabe108c1..ea95b5584 100644 --- a/outputs/policyreport.go +++ b/outputs/policyreport.go @@ -175,7 +175,7 @@ func newResult(falcopayload types.FalcoPayload) *wgpolicy.PolicyReportResult { Rule: falcopayload.Rule, Category: "SI - System and Information Integrity", Source: policyReportSource, - Timestamp: metav1.Timestamp{Seconds: int64(falcopayload.Time.Second()), Nanos: int32(falcopayload.Time.Nanosecond())}, + Timestamp: metav1.Timestamp{Seconds: int64(falcopayload.Time.Second()), Nanos: int32(falcopayload.Time.Nanosecond())}, //nolint:gosec // disable G115 Severity: mapSeverity(falcopayload), Result: mapResult(falcopayload), Description: falcopayload.Output, diff --git a/outputs/spyderbat.go b/outputs/spyderbat.go index 6b783f960..fe1d38688 100644 --- a/outputs/spyderbat.go +++ b/outputs/spyderbat.go @@ -175,7 +175,7 @@ func newSpyderbatPayload(falcopayload types.FalcoPayload) (spyderbatPayload, err MonotonicTime: time.Now().Nanosecond(), OrcTime: nowTime, Time: eventTime, - PID: int32(pid), + PID: int32(pid), //nolint:gosec // disable G115 Level: level, Message: message, Arguments: arguments, diff --git a/stats_prometheus.go b/stats_prometheus.go index c4f7a95e1..42c7a87b7 100644 --- a/stats_prometheus.go +++ b/stats_prometheus.go @@ -13,6 +13,8 @@ import ( "github.com/falcosecurity/falcosidekick/types" ) +const metricPrefix string = "falcosecurity_falcosidekick_" + func getInitPromStats(config *types.Configuration) *types.PromStatistics { promStats = &types.PromStatistics{ Falco: getFalcoNewCounterVec(config), @@ -25,7 +27,7 @@ func getInitPromStats(config *types.Configuration) *types.PromStatistics { func getInputNewCounterVec() *prometheus.CounterVec { return promauto.NewCounterVec( prometheus.CounterOpts{ - Name: "falcosidekick_inputs", + Name: metricPrefix + "inputs_total", }, []string{"source", "status"}, ) @@ -34,7 +36,7 @@ func getInputNewCounterVec() *prometheus.CounterVec { func getOutputNewCounterVec() *prometheus.CounterVec { return promauto.NewCounterVec( prometheus.CounterOpts{ - Name: "falcosidekick_outputs", + Name: metricPrefix + "outputs_total", }, []string{"destination", "status"}, ) @@ -46,6 +48,7 @@ func getFalcoNewCounterVec(config *types.Configuration) *prometheus.CounterVec { "hostname", "rule", "priority", + "priority_raw", "source", "k8s_ns_name", "k8s_pod_name", @@ -66,7 +69,7 @@ func getFalcoNewCounterVec(config *types.Configuration) *prometheus.CounterVec { } return promauto.NewCounterVec( prometheus.CounterOpts{ - Name: "falco_events", + Name: metricPrefix + "falco_events_total", }, labelnames, ) diff --git a/stats_prometheus_test.go b/stats_prometheus_test.go index d84200237..d28d77122 100644 --- a/stats_prometheus_test.go +++ b/stats_prometheus_test.go @@ -18,11 +18,11 @@ func TestFalcoNewCounterVec(t *testing.T) { c.Customfields["should*fail"] = "bar" cv := getFalcoNewCounterVec(c) - shouldbe := []string{"hostname", "rule", "priority", "source", "k8s_ns_name", "k8s_pod_name", "test"} + shouldbe := []string{"hostname", "rule", "priority", "priority_raw", "source", "k8s_ns_name", "k8s_pod_name", "test"} mm, err := cv.GetMetricWithLabelValues(shouldbe...) if err != nil { t.Errorf("Error getting Metrics from promauto") } metricDescString := mm.Desc().String() - require.Equal(t, metricDescString, "Desc{fqName: \"falco_events\", help: \"\", constLabels: {}, variableLabels: {hostname,rule,priority,source,k8s_ns_name,k8s_pod_name,test}}") + require.Equal(t, metricDescString, "Desc{fqName: \"falcosecurity_falcosidekick_falco_events_total\", help: \"\", constLabels: {}, variableLabels: {hostname,rule,priority,priority_raw,source,k8s_ns_name,k8s_pod_name,test}}") }