new(metrics): add host_ifinfo metric #3253
Conversation
|
This PR may bring feature or behavior changes in the Falco engine and may require the engine version to be bumped. Please double check userspace/engine/falco_engine_version.h file. See versioning for FALCO_ENGINE_VERSION. /hold |
|
/milestone 0.39.0 |
userspace/engine/falco_utils.h
Outdated
| #if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) | ||
| // todo: consider extending libs and expose API for ipv4 and ipv6 to string conversion | ||
| std::string ipv4addr_to_string(uint32_t addr); | ||
| std::string ipv6addr_to_string(const ipv6addr& addr); |
There was a problem hiding this comment.
Why not make it a function of the ipv6addr structure ?
Since that structure has a constructor that takes a string as input, a to_string method would make sense as well. What do you think ?
There was a problem hiding this comment.
Thought the same. That's why I left a todo item.
@FedeDP would it be ok to make the to_string functions public? For ipv4 we have it in libs, but it's private. For ipv6 we do not yet have it. I can port this code over to libs if you all agree.
There was a problem hiding this comment.
+1 from my side! Neat idea!
There was a problem hiding this comment.
(i don't think it's a problem to make them public!)
incertum
force-pushed
the
metrics-host-network-interfaces
branch
from
18e335c to
a7bde11
Compare
incertum
force-pushed
the
metrics-host-network-interfaces
branch
2 times, most recently
from
91b90cb to
74c5c49
Compare
userspace/falco/stats_writer.cpp
Outdated
| @@ -357,6 +357,43 @@ void stats_writer::collector::get_metrics_output_fields_wrapper( | |||
| metric_name_file_sha256 = "falco.sha256_config_file." + falco::utils::sanitize_metric_name(metric_name_file_sha256); | |||
| output_fields[metric_name_file_sha256] = item.second; | |||
| } | |||
|
|
|||
| if (stats_snapshot_time_delta_sec == 0) | |||
There was a problem hiding this comment.
This new trick helps to create the json only once every inspector reload. For Prometheus however it does it every time right now @sgaist.
|
/hold needs a libs bump after merging falcosecurity/libs#1937. |
|
I think you can now rebase on top of Falco master ;) |
Signed-off-by: Melissa Kilby <[email protected]>
…json Signed-off-by: Melissa Kilby <[email protected]>
Because libs constantly refreshes them, it's fine to re-create the JSON each time Signed-off-by: Melissa Kilby <[email protected]>
incertum
force-pushed
the
metrics-host-network-interfaces
branch
from
74c5c49 to
f43b4df
Compare
Rebased, thanks. |
|
LGTM label has been added. Git tree hash: dd0c218c324ac0e01bf1d25b092ad4cc3822fcec
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Andreagit97, FedeDP, incertum The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/unhold |
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area engine
What this PR does / why we need it:
For fleet management and inventory purposes, having the host ifinfo available is highly valuable, in addition to
evt.hostname,kernel_release, and many other wrapper/base metric fields.In addition to incorporating the new metric field into the metrics framework, I would also like to propose adding new filter checks similar to
evt.hostnameto libs (details to be discussed later).Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: