Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 13:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Update telemetry log policy due to the fact that unit will not be filled in anymore

Browse source
This commit is contained in:
Tim Wojtulewicz 2024-03-27 12:45:51 -07:00
parent 84aa308527
commit 017ee4509c
7 changed files with 51 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

49
scripts/policy/frameworks/telemetry/log.zeek
View file

@ -39,9 +39,6 @@ export {
## The name of the metric. ## The name of the metric.
name: string &log; name: string &log;
## The unit of this metric, or unset if unit-less.
unit: string &log &optional;
## The names of the individual labels. ## The names of the individual labels.
labels: vector of string &log; labels: vector of string &log;
@ -66,9 +63,6 @@ export {
## The name of the metric. ## The name of the metric.
name: string &log; name: string &log;
## The unit of this metric, or unset if unit-less.
unit: string &log &optional;
## The names of the individual labels. ## The names of the individual labels.
labels: vector of string &log; labels: vector of string &log;
@ -104,7 +98,21 @@ export {
function do_log() function do_log()
{ {
local ts = network_time(); local ts = network_time();
local metrics = Telemetry::collect_metrics();
## TODO: this is potentially slow, since it requires looping over all of the metrics for each
## prefix, and then doing it again for all of the histograms multiple times.
local metrics : vector of Telemetry::Metric;
if ( |log_prefixes| > 0 )
{
for ( prefix in log_prefixes )
{
metrics += Telemetry::collect_metrics(prefix, "*");
}
}
else
{
metrics = Telemetry::collect_metrics();
}
for ( i in metrics ) for ( i in metrics )
{ {
@ -114,9 +122,6 @@ function do_log()
if ( m$opts$metric_type == DOUBLE_HISTOGRAM || m$opts$metric_type == INT_HISTOGRAM ) if ( m$opts$metric_type == DOUBLE_HISTOGRAM || m$opts$metric_type == INT_HISTOGRAM )
next; next;
if ( |log_prefixes| > 0 && m$opts$prefix !in log_prefixes )
next;
# Render the metric_type as a short string. Unknown # Render the metric_type as a short string. Unknown
# shouldn't really happen, but lets have a fallback. # shouldn't really happen, but lets have a fallback.
local metric_type = "unknown"; local metric_type = "unknown";
@ -138,22 +143,29 @@ function do_log()
$label_values=m$labels, $label_values=m$labels,
$value=m$value); $value=m$value);
if ( m$opts$unit != "1" )
rec$unit = m$opts$unit;
Log::write(LOG, rec); Log::write(LOG, rec);
} }
# Logging of histograms. # Logging of histograms.
ts = network_time(); ts = network_time();
local histogram_metrics = Telemetry::collect_histogram_metrics();
local histogram_metrics : vector of Telemetry::HistogramMetric;
if ( |log_prefixes| > 0 )
{
for ( prefix in log_prefixes )
{
histogram_metrics += Telemetry::collect_histogram_metrics(prefix, "*");
}
}
else
{
histogram_metrics = Telemetry::collect_histogram_metrics();
}
for ( i in histogram_metrics ) for ( i in histogram_metrics )
{ {
local hm = histogram_metrics[i]; local hm = histogram_metrics[i];
if ( |log_prefixes| > 0 && hm$opts$prefix !in log_prefixes )
next;
local hrec = HistogramInfo($ts=ts, local hrec = HistogramInfo($ts=ts,
$peer=peer_description, $peer=peer_description,
$prefix=hm$opts$prefix, $prefix=hm$opts$prefix,
@ -165,9 +177,6 @@ function do_log()
$sum=hm$sum, $sum=hm$sum,
$observations=hm$observations); $observations=hm$observations);
if ( hm$opts$unit != "1" )
hrec$unit = hm$opts$unit;
Log::write(LOG_HISTOGRAM, hrec); Log::write(LOG_HISTOGRAM, hrec);
} }
} }

16
testing/btest/Baseline/scripts.base.frameworks.logging.telemetry/telemetry.log
View file

@ -5,12 +5,12 @@
#unset_field - #unset_field -
#path telemetry #path telemetry
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts peer metric_type prefix name unit labels label_values value #fields ts peer metric_type prefix name labels label_values value
#types time string string string string string vector[string] vector[string] double #types time string string string string vector[string] vector[string] double
XXXXXXXXXX.XXXXXX zeek counter zeek log-stream-writes - module,stream HTTP,HTTP::LOG 14.0 XXXXXXXXXX.XXXXXX zeek counter zeek zeek_log_stream_writes_total module,stream Conn,Conn::LOG 34.0
XXXXXXXXXX.XXXXXX zeek counter zeek log-stream-writes - module,stream DNS,DNS::LOG 34.0 XXXXXXXXXX.XXXXXX zeek counter zeek zeek_log_stream_writes_total module,stream DNS,DNS::LOG 34.0
XXXXXXXXXX.XXXXXX zeek counter zeek log-stream-writes - module,stream Conn,Conn::LOG 34.0 XXXXXXXXXX.XXXXXX zeek counter zeek zeek_log_stream_writes_total module,stream HTTP,HTTP::LOG 14.0
XXXXXXXXXX.XXXXXX zeek counter zeek log-writer-writes - filter-name,module,path,stream,writer default,HTTP,http,HTTP::LOG,Log::WRITER_ASCII 10.0 XXXXXXXXXX.XXXXXX zeek counter zeek zeek_log_writer_writes_total writer,module,stream,filter-name,path default,Conn,conn,Conn::LOG,Log::WRITER_ASCII 30.0
XXXXXXXXXX.XXXXXX zeek counter zeek log-writer-writes - filter-name,module,path,stream,writer default,DNS,dns,DNS::LOG,Log::WRITER_ASCII 23.0 XXXXXXXXXX.XXXXXX zeek counter zeek zeek_log_writer_writes_total writer,module,stream,filter-name,path default,DNS,dns,DNS::LOG,Log::WRITER_ASCII 23.0
XXXXXXXXXX.XXXXXX zeek counter zeek log-writer-writes - filter-name,module,path,stream,writer default,Conn,conn,Conn::LOG,Log::WRITER_ASCII 30.0 XXXXXXXXXX.XXXXXX zeek counter zeek zeek_log_writer_writes_total writer,module,stream,filter-name,path default,HTTP,http,HTTP::LOG,Log::WRITER_ASCII 10.0
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/scripts.policy.frameworks.telemetry.log-prefixes/telemetry.log
View file

@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path telemetry #path telemetry
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts peer metric_type prefix name unit labels label_values value #fields ts peer metric_type prefix name labels label_values value
#types time string string string string string vector[string] vector[string] double #types time string string string string vector[string] vector[string] double
XXXXXXXXXX.XXXXXX zeek counter btest connections - proto tcp 500.0 XXXXXXXXXX.XXXXXX zeek counter btest btest_connections proto tcp 500.0
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/scripts.policy.frameworks.telemetry.log-prefixes/telemetry_histogram.log
View file

@ -5,8 +5,8 @@
#unset_field - #unset_field -
#path telemetry_histogram #path telemetry_histogram
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts peer prefix name unit labels label_values bounds values sum observations #fields ts peer prefix name labels label_values bounds values sum observations
#types time string string string string vector[string] vector[string] vector[double] vector[double] double double #types time string string string vector[string] vector[string] vector[double] vector[double] double double
XXXXXXXXXX.XXXXXX zeek btest connection_duration seconds (empty) (empty) 2.0,3.0,4.0,5.0,6.0,10.0,inf 0.0,0.0,0.0,0.0,0.0,0.0,0.0 0.0 0.0 XXXXXXXXXX.XXXXXX zeek btest btest_connection_duration_seconds (empty) (empty) 2.0,3.0,4.0,5.0,6.0,10.0,inf 0.0,0.0,0.0,0.0,0.0,0.0,0.0 0.0 0.0
XXXXXXXXXX.XXXXXX zeek btest connection_duration seconds (empty) (empty) 2.0,3.0,4.0,5.0,6.0,10.0,inf 0.0,322.0,90.0,5.0,76.0,7.0,0.0 1650.264644 500.0 XXXXXXXXXX.XXXXXX zeek btest btest_connection_duration_seconds (empty) (empty) 2.0,3.0,4.0,5.0,6.0,10.0,inf 0.0,322.0,90.0,5.0,76.0,7.0,0.0 1650.264644 500.0
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/scripts.policy.frameworks.telemetry.log/telemetry.log.filtered
View file

@ -1,5 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
XXXXXXXXXX.XXXXXX zeek gauge zeek active_sessions (empty) protocol tcp 1.0 XXXXXXXXXX.XXXXXX zeek counter zeek zeek_total_sessions_total protocol tcp 1.0
XXXXXXXXXX.XXXXXX zeek counter zeek total_sessions - protocol tcp 1.0 XXXXXXXXXX.XXXXXX zeek gauge zeek zeek_active_sessions protocol tcp 1.0
XXXXXXXXXX.XXXXXX zeek gauge zeek active_sessions (empty) protocol tcp 500.0 XXXXXXXXXX.XXXXXX zeek counter zeek zeek_total_sessions_total protocol tcp 500.0
XXXXXXXXXX.XXXXXX zeek counter zeek total_sessions - protocol tcp 500.0 XXXXXXXXXX.XXXXXX zeek gauge zeek zeek_active_sessions protocol tcp 500.0

4
testing/btest/Baseline/scripts.policy.frameworks.telemetry.log/telemetry_histogram.log.filtered
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
XXXXXXXXXX.XXXXXX zeek zeek connection_duration seconds (empty) (empty) 2.0,3.0,4.0,5.0,6.0,10.0,inf 0.0,0.0,0.0,0.0,0.0,0.0,0.0 0.0 0.0 XXXXXXXXXX.XXXXXX zeek zeek zeek_connection_duration_seconds (empty) (empty) 2.0,3.0,4.0,5.0,6.0,10.0,inf 0.0,0.0,0.0,0.0,0.0,0.0,0.0 0.0 0.0
XXXXXXXXXX.XXXXXX zeek zeek connection_duration seconds (empty) (empty) 2.0,3.0,4.0,5.0,6.0,10.0,inf 0.0,322.0,90.0,5.0,76.0,7.0,0.0 1650.264644 500.0 XXXXXXXXXX.XXXXXX zeek zeek zeek_connection_duration_seconds (empty) (empty) 2.0,3.0,4.0,5.0,6.0,10.0,inf 0.0,322.0,90.0,5.0,76.0,7.0,0.0 1650.264644 500.0

2
testing/btest/scripts/base/frameworks/logging/telemetry.zeek
View file

@ -28,7 +28,7 @@ hook Log::log_stream_policy(rec: any, id: Log::ID)
hook Telemetry::log_policy(rec: Telemetry::Info, id: Log::ID, filter: Log::Filter) hook Telemetry::log_policy(rec: Telemetry::Info, id: Log::ID, filter: Log::Filter)
{ {
if ( rec$prefix != "zeek" || /^log-/ !in rec$name ) if ( rec$prefix != "zeek" || /^zeek_log_/ !in rec$name )
break; break;
if ( /HTTP|DNS|Conn/ !in cat(rec$label_values) ) if ( /HTTP|DNS|Conn/ !in cat(rec$label_values) )