Merge remote-tracking branch 'origin/topic/neverlord/telemetry-scraper'

* origin/topic/neverlord/telemetry-scraper:
  Integrate review feedback
  Sync new broker options, fix name inconsistencies
  Integrate new Broker metric exporter parameters

CHANGES

@@ -1,3 +1,11 @@
+4.1.0-dev.676 | 2021-06-01 10:19:19 -0700
+
+  * Integrate review feedback (Dominik Charousset, Corelight)
+
+  * Sync new broker options, fix name inconsistencies (Dominik Charousset, Corelight)
+
+  * Integrate new Broker metric exporter parameters (Dominik Charousset, Corelight)
+
 4.1.0-dev.671 | 2021-06-01 09:51:38 -0700
 
   * Update detect-MHR.zeek (Chris C)

VERSION

@@ -1 +1 @@
-4.1.0-dev.671
+4.1.0-dev.676

auxil/broker

@@ -1 +1 @@
-Subproject commit 2b3574a1e442832313b9a349d809040a69c2c536
+Subproject commit 769ce5ca1bdf2ff14f91d791fa2b87db4f3d0fdb

scripts/base/frameworks/broker/main.zeek

@@ -31,7 +31,7 @@ export {
 	## authenticated.
 	const disable_ssl = F &redef;
 
-	## Path to a file containing concatenated trusted certificates 
+	## Path to a file containing concatenated trusted certificates
 	## in PEM format. If set, Zeek will require valid certificates for
 	## all peers.
 	const ssl_cafile = "" &redef;
@@ -122,6 +122,37 @@ export {
 	## done reading the pcap.
 	option peer_counts_as_iosource = T;
 
+	## Port for Broker's metric exporter. Setting this to a valid TCP port causes
+	## Broker to make metrics available to Prometheus scrapers via HTTP. Zeek
+	## overrides any value provided in zeek_init or earlier at startup if the
+	## environment variable BROKER_METRICS_PORT is defined.
+	const metrics_port = 0/unknown &redef;
+
+	## Frequency for publishing scraped metrics to the target topic. Zeek
+	## overrides any value provided in zeek_init or earlier at startup if the
+	## environment variable BROKER_METRICS_EXPORT_INTERVAL is defined.
+	option metrics_export_interval = 1 sec;
+
+	## Target topic for the metrics. Setting a non-empty string starts the
+	## periodic publishing of local metrics. Zeek overrides any value provided in
+	## zeek_init or earlier at startup if the environment variable
+	## BROKER_METRICS_EXPORT_TOPIC is defined.
+	option metrics_export_topic = "";
+
+	## ID for the metrics exporter. When setting a target topic for the
+	## exporter, Broker sets this option to the suffix of the new topic *unless*
+	## the ID is a non-empty string. Since setting a topic starts the periodic
+	## publishing of events, we recommend setting the ID always first or avoid
+	## setting it at all if the topic suffix serves as a good-enough ID. Zeek
+	## overrides any value provided in zeek_init or earlier at startup if the
+	## environment variable BROKER_METRICS_ENDPOINT_NAME is defined.
+	option metrics_export_endpoint_name = "";
+
+	## Selects prefixes from the local metrics. Only metrics with prefixes
+	## listed in this variable are included when publishing local metrics.
+	## Setting an empty vector selects *all* metrics.
+	option metrics_export_prefixes: vector of string = vector();
+
 	## The default topic prefix where logs will be published.  The log's stream
 	## id is appended when writing to a particular stream.
 	const default_log_topic_prefix = "zeek/logs/" &redef;
@@ -385,9 +416,53 @@ event Broker::log_flush() &priority=10
 	schedule Broker::log_batch_interval { Broker::log_flush() };
 	}
 
+function update_metrics_export_interval(id: string, val: interval): interval
+	{
+	Broker::__set_metrics_export_interval(val);
+	return val;
+	}
+
+function update_metrics_export_topic(id: string, val: string): string
+	{
+	Broker::__set_metrics_export_topic(val);
+	return val;
+	}
+
+function update_metrics_export_endpoint_name(id: string, val: string): string
+	{
+	Broker::__set_metrics_export_endpoint_name(val);
+	return val;
+	}
+
+function update_metrics_export_prefixes(id: string, filter: vector of string): vector of string
+	{
+	Broker::__set_metrics_export_prefixes(filter);
+	return filter;
+	}
+
 event zeek_init()
 	{
 	schedule Broker::log_batch_interval { Broker::log_flush() };
+	# interval
+	update_metrics_export_interval("Broker::metrics_export_interval",
+	                               Broker::metrics_export_interval);
+	Option::set_change_handler("Broker::metrics_export_interval",
+	                           update_metrics_export_interval);
+	# topic
+	update_metrics_export_topic("Broker::metrics_export_topic",
+	                            Broker::metrics_export_topic);
+	Option::set_change_handler("Broker::metrics_export_topic",
+	                           update_metrics_export_topic);
+	# endpoint name
+	update_metrics_export_endpoint_name("Broker::metrics_export_endpoint_name",
+	                                    Broker::metrics_export_endpoint_name);
+	Option::set_change_handler("Broker::metrics_export_endpoint_name",
+	                           update_metrics_export_endpoint_name);
+	# prefixes
+	update_metrics_export_prefixes("Broker::metrics_export_prefixes",
+	                               Broker::metrics_export_prefixes);
+	Option::set_change_handler("Broker::metrics_export_prefixes",
+	                           update_metrics_export_prefixes);
 	}
 
 event retry_listen(a: string, p: port, retry: interval)

src/broker/Manager.cc

@@ -41,6 +41,87 @@ static inline Val* get_option(const char* option)
 	return id->GetVal().get();
 	}
 
+template <class T>
+static inline void set_option(const char* option, const T& value)
+	{
+	const auto& id = zeek::detail::global_scope()->Find(option);
+
+	if ( ! id )
+		reporter->FatalError("Unknown Broker option %s", option);
+
+	if constexpr ( std::is_same_v<T, broker::port> )
+		{
+		switch ( value.type() ) {
+		case broker::port::protocol::tcp:
+			id->SetVal(val_mgr->Port(value.number(), TRANSPORT_TCP));
+			break;
+		case broker::port::protocol::udp:
+			id->SetVal(val_mgr->Port(value.number(), TRANSPORT_UDP));
+			break;
+		case broker::port::protocol::icmp:
+			id->SetVal(val_mgr->Port(value.number(), TRANSPORT_ICMP));
+			break;
+		default:
+			id->SetVal(val_mgr->Port(value.number(), TRANSPORT_UNKNOWN ));
+		}
+		}
+	else if constexpr ( std::is_same_v<T, broker::timespan> )
+		{
+		using std::chrono::duration_cast;
+		auto ts = duration_cast<broker::fractional_seconds>(value);
+		id->SetVal(make_intrusive<IntervalVal>(ts.count()));
+		}
+	else if constexpr ( std::is_same_v<T, std::vector<std::string>> )
+		{
+		auto ptr = make_intrusive<VectorVal>(zeek::id::string_vec);
+		for ( const auto& str : value )
+			ptr->Append(make_intrusive<StringVal>(str));
+		id->SetVal(std::move(ptr));
+		}
+	else
+		{
+		static_assert(std::is_same_v<T, std::string>);
+		id->SetVal(make_intrusive<StringVal>(value));
+		}
+	}
+
+namespace {
+
+struct opt_mapping {
+	broker::configuration* cfg;
+	std::string_view broker_name;
+	const char* zeek_name;
+
+	template <class T>
+	auto broker_read()
+		{
+		return caf::get_as<T>(*cfg, broker_name);
+		}
+
+	template <class T>
+	auto broker_write(T&& val)
+		{
+		cfg->set(broker_name, std::forward<T>(val));
+		}
+
+	auto zeek_read()
+		{
+		return get_option(zeek_name);
+		}
+
+	template <class T>
+	auto zeek_write(const T& val)
+		{
+		set_option(zeek_name, val);
+		}
+};
+
+#define WITH_OPT_MAPPING(broker_name, zeek_name)                               \
+  if ( auto opt = opt_mapping{&config, broker_name, zeek_name}; true )
+
+}//namespace
+
+
 class BrokerConfig : public broker::configuration {
 public:
 	BrokerConfig(broker::broker_options options)
@@ -212,6 +293,89 @@ void Manager::InitPostScript()
 	config.set("caf.work-stealing.relaxed-steal-interval",
 	           get_option("Broker::relaxed_interval")->AsCount());
 
+	// Before launching Broker, we check whether the configuration contains
+	// values for the metric_exporter_* options. If Broker already has picked up
+	// values from environment variables (or config files) then we write then
+	// back. Otherwise, we forward user-defined values from script land (but
+	// ignore defaults).
+	WITH_OPT_MAPPING("broker.metrics.port", "Broker::metrics_port")
+		{
+		if ( auto port = opt.broker_read<uint16_t>() )
+			{
+			opt.zeek_write(broker::port{*port, broker::port::protocol::tcp});
+			}
+		else
+			{
+			auto ptr = opt.zeek_read()->AsPortVal();
+			if ( ptr->IsTCP() )
+				opt.broker_write(ptr->Port());
+			}
+		}
+
+	WITH_OPT_MAPPING("broker.metrics.export.interval",
+	                 "Broker::metrics_export_interval")
+		{
+		if ( auto ts = opt.broker_read<broker::timespan>() )
+			{
+			opt.zeek_write(*ts);
+			}
+		else
+			{
+			using std::chrono::duration_cast;
+			auto val = opt.zeek_read()->AsInterval();
+			auto frac_ts = broker::fractional_seconds{val};
+			if ( frac_ts.count() > 0.0 )
+				opt.broker_write(duration_cast<broker::timespan>(frac_ts));
+			}
+		}
+
+	WITH_OPT_MAPPING("broker.metrics.export.topic",
+	                 "Broker::metrics_export_topic")
+		{
+		if ( auto str = opt.broker_read<std::string>() )
+			{
+			opt.zeek_write(*str);
+			}
+		else
+			{
+			auto ptr = opt.zeek_read()->AsStringVal();
+			if ( ptr->Len() > 0 )
+				opt.broker_write(ptr->ToStdString());
+			}
+		}
+
+	WITH_OPT_MAPPING("broker.metrics.endpoint-name",
+	                 "Broker::metrics_export_endpoint_name")
+		{
+		if ( auto str = opt.broker_read<std::string>() )
+			{
+			opt.zeek_write(*str);
+			}
+		else
+			{
+			auto ptr = opt.zeek_read()->AsStringVal();
+			if ( ptr->Len() > 0 )
+				opt.broker_write(ptr->ToStdString());
+			}
+		}
+
+	WITH_OPT_MAPPING("broker.metrics.export.prefixes",
+	                 "Broker::metrics_export_prefixes")
+		{
+		if ( auto str = opt.broker_read<std::vector<std::string>>() )
+			{
+			opt.zeek_write(*str);
+			}
+		else
+			{
+			auto ptr = opt.zeek_read()->AsVectorVal();
+			std::vector<std::string> str_ls;
+			for ( unsigned index = 0; index < ptr->Size(); ++index )
+				str_ls.emplace_back(ptr->StringValAt(index)->ToStdString());
+			opt.broker_write(std::move(str_ls));
+			}
+		}
+
 	auto cqs = get_option("Broker::congestion_queue_size")->AsCount();
 	bstate = std::make_shared<BrokerState>(std::move(config), cqs);
 
@@ -1807,6 +1971,28 @@ void Manager::PrepareForwarding(const std::string &name)
 	DBG_LOG(DBG_BROKER, "Resolved table forward for data store %s", name.c_str());
 	}
 
+void Manager::SetMetricsExportInterval(double value)
+	{
+	broker::timespan ts;
+	if ( broker::convert(value, ts) )
+		bstate->endpoint.metrics_exporter().set_interval(ts);
+	}
+
+void Manager::SetMetricsExportTopic(std::string value)
+	{
+	bstate->endpoint.metrics_exporter().set_target(std::move(value));
+	}
+
+void Manager::SetMetricsExportEndpointName(std::string value)
+	{
+	bstate->endpoint.metrics_exporter().set_id(std::move(value));
+	}
+
+void Manager::SetMetricsExportPrefixes(std::vector<std::string> filter)
+	{
+	bstate->endpoint.metrics_exporter().set_prefixes(std::move(filter));
+	}
+
 std::unique_ptr<telemetry::Manager> Manager::NewTelemetryManager()
 	{
 	// The telemetry Manager actually only has a dependency on the actor system,

src/broker/Manager.h

@@ -359,6 +359,35 @@ public:
 		~ScriptScopeGuard() { --script_scope; }
 	};
 
+	/**
+	 * Changes the frequency for publishing scraped metrics to the target topic.
+	 * Passing a zero-length interval has no effect.
+	 * @param value Interval between two scrapes in seconds.
+	 */
+	void SetMetricsExportInterval(double value);
+
+	/**
+	 * Sets a new target topic for the metrics. Passing an empty string has no
+	 * effect.
+	 * @param value The new topic for publishing local metrics to.
+	 */
+	void SetMetricsExportTopic(std::string value);
+
+	/**
+	 * Sets a new ID for the metrics exporter. Passing an empty string has no
+	 * effect.
+	 * @param value The new ID of the exporter in published metrics.
+	 */
+	void SetMetricsExportEndpointName(std::string value);
+
+	/**
+	 * Sets a prefix selection for the metrics exporter. An empty vector selects
+	 * *all* metrics.
+	 * @param filter List of selected metric prefixes or an empty vector for
+	 *               selecting all metrics.
+	 */
+	void SetMetricsExportPrefixes(std::vector<std::string> filter);
+
 	/**
 	 * Allocates a new manager for telemetry data.
 	 */

src/broker/comm.bif

@@ -145,3 +145,45 @@ function Broker::__node_id%(%): string
 	zeek::Broker::Manager::ScriptScopeGuard ssg;
 	return zeek::make_intrusive<zeek::StringVal>(broker_mgr->NodeID());
 	%}
+
+function Broker::__set_metrics_export_interval%(value: interval%): bool
+	%{
+	// This BIF may run prior to broker::Manager::InitPostScript. In this case,
+	// broker_mgr is still null but we can safely ignore this event because the
+	// Manager is going to initialize Broker using the most recent value of the
+	// corresponding option.
+	zeek::Broker::Manager::ScriptScopeGuard ssg;
+	if ( broker_mgr )
+		broker_mgr->SetMetricsExportInterval(value);
+	return zeek::val_mgr->True();
+	%}
+
+function Broker::__set_metrics_export_topic%(value: string%): bool
+	%{
+	zeek::Broker::Manager::ScriptScopeGuard ssg;
+	if ( broker_mgr )
+		broker_mgr->SetMetricsExportTopic(value->ToStdString());
+	return zeek::val_mgr->True();
+	%}
+
+function Broker::__set_metrics_export_endpoint_name%(value: string%): bool
+	%{
+	zeek::Broker::Manager::ScriptScopeGuard ssg;
+	if ( broker_mgr )
+		broker_mgr->SetMetricsExportEndpointName(value->ToStdString());
+	return zeek::val_mgr->True();
+	%}
+
+function Broker::__set_metrics_export_prefixes%(filter: string_vec%): bool
+	%{
+	zeek::Broker::Manager::ScriptScopeGuard ssg;
+	if ( broker_mgr )
+		{
+		std::vector<std::string> slist;
+		auto* vval = filter->AsVectorVal();
+		for ( unsigned index = 0; index < vval->Size(); ++index )
+			slist.emplace_back(vval->StringValAt(index)->ToStdString());
+		broker_mgr->SetMetricsExportPrefixes(std::move(slist));
+		}
+	return zeek::val_mgr->True();
+	%}

testing/btest/Baseline/plugins.hooks/output

@@ -164,8 +164,16 @@
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_VXLAN, {4789/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_XMPP, {5222<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Broker::__set_metrics_export_endpoint_name, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(Broker::__set_metrics_export_interval, <frame>, (1.0 sec)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Broker::__set_metrics_export_prefixes, <frame>, ([])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Broker::__set_metrics_export_topic, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Broker::__subscribe, <frame>, (zeek/supervisor)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Broker::subscribe, <frame>, (zeek/supervisor)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Broker::update_metrics_export_endpoint_name, <frame>, (Broker::metrics_export_endpoint_name, )) -> <no result>
+0.000000   MetaHookPost  CallFunction(Broker::update_metrics_export_interval, <frame>, (Broker::metrics_export_interval, 1.0 sec)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Broker::update_metrics_export_prefixes, <frame>, (Broker::metrics_export_prefixes, [])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Broker::update_metrics_export_topic, <frame>, (Broker::metrics_export_topic, )) -> <no result>
 0.000000   MetaHookPost  CallFunction(Cluster::is_enabled, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Cluster::is_enabled, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Cluster::local_node_type, <null>, ()) -> <no result>
@@ -474,6 +482,14 @@
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (ActiveHTTP::default_method, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_endpoint_name, Broker::update_metrics_export_endpoint_name{ Broker::__set_metrics_export_endpoint_name(Broker::val)return (Broker::val)}, 0)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_endpoint_name, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_interval, Broker::update_metrics_export_interval{ Broker::__set_metrics_export_interval(Broker::val)return (Broker::val)}, 0)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_prefixes, Broker::update_metrics_export_prefixes{ Broker::__set_metrics_export_prefixes(Broker::filter)return (Broker::filter)}, 0)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_prefixes, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_topic, Broker::update_metrics_export_topic{ Broker::__set_metrics_export_topic(Broker::val)return (Broker::val)}, 0)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_topic, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Broker::peer_counts_as_iosource, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Conn::analyzer_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Conn::default_extract, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
@@ -1181,8 +1197,16 @@
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_TEREDO, {3544/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_VXLAN, {4789/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_XMPP, {5222<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Broker::__set_metrics_export_endpoint_name, <frame>, ())
+0.000000   MetaHookPre   CallFunction(Broker::__set_metrics_export_interval, <frame>, (1.0 sec))
+0.000000   MetaHookPre   CallFunction(Broker::__set_metrics_export_prefixes, <frame>, ([]))
+0.000000   MetaHookPre   CallFunction(Broker::__set_metrics_export_topic, <frame>, ())
 0.000000   MetaHookPre   CallFunction(Broker::__subscribe, <frame>, (zeek/supervisor))
 0.000000   MetaHookPre   CallFunction(Broker::subscribe, <frame>, (zeek/supervisor))
+0.000000   MetaHookPre   CallFunction(Broker::update_metrics_export_endpoint_name, <frame>, (Broker::metrics_export_endpoint_name, ))
+0.000000   MetaHookPre   CallFunction(Broker::update_metrics_export_interval, <frame>, (Broker::metrics_export_interval, 1.0 sec))
+0.000000   MetaHookPre   CallFunction(Broker::update_metrics_export_prefixes, <frame>, (Broker::metrics_export_prefixes, []))
+0.000000   MetaHookPre   CallFunction(Broker::update_metrics_export_topic, <frame>, (Broker::metrics_export_topic, ))
 0.000000   MetaHookPre   CallFunction(Cluster::is_enabled, <frame>, ())
 0.000000   MetaHookPre   CallFunction(Cluster::is_enabled, <null>, ())
 0.000000   MetaHookPre   CallFunction(Cluster::local_node_type, <null>, ())
@@ -1491,6 +1515,14 @@
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (ActiveHTTP::default_method, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_endpoint_name, Broker::update_metrics_export_endpoint_name{ Broker::__set_metrics_export_endpoint_name(Broker::val)return (Broker::val)}, 0))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_endpoint_name, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_interval, Broker::update_metrics_export_interval{ Broker::__set_metrics_export_interval(Broker::val)return (Broker::val)}, 0))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_prefixes, Broker::update_metrics_export_prefixes{ Broker::__set_metrics_export_prefixes(Broker::filter)return (Broker::filter)}, 0))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_prefixes, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_topic, Broker::update_metrics_export_topic{ Broker::__set_metrics_export_topic(Broker::val)return (Broker::val)}, 0))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_topic, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Broker::peer_counts_as_iosource, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Conn::analyzer_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Conn::default_extract, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
@@ -2198,8 +2230,16 @@
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, {3544/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_VXLAN, {4789/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_XMPP, {5222<...>/tcp})
+0.000000 | HookCallFunction Broker::__set_metrics_export_endpoint_name()
+0.000000 | HookCallFunction Broker::__set_metrics_export_interval(1.0 sec)
+0.000000 | HookCallFunction Broker::__set_metrics_export_prefixes([])
+0.000000 | HookCallFunction Broker::__set_metrics_export_topic()
 0.000000 | HookCallFunction Broker::__subscribe(zeek/supervisor)
 0.000000 | HookCallFunction Broker::subscribe(zeek/supervisor)
+0.000000 | HookCallFunction Broker::update_metrics_export_endpoint_name(Broker::metrics_export_endpoint_name, )
+0.000000 | HookCallFunction Broker::update_metrics_export_interval(Broker::metrics_export_interval, 1.0 sec)
+0.000000 | HookCallFunction Broker::update_metrics_export_prefixes(Broker::metrics_export_prefixes, [])
+0.000000 | HookCallFunction Broker::update_metrics_export_topic(Broker::metrics_export_topic, )
 0.000000 | HookCallFunction Cluster::is_enabled()
 0.000000 | HookCallFunction Cluster::local_node_type()
 0.000000 | HookCallFunction Cluster::register_pool([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=<uninitialized>, exclusive=F])
@@ -2507,6 +2547,14 @@
 0.000000 | HookCallFunction Notice::want_pp()
 0.000000 | HookCallFunction Option::set_change_handler(ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(ActiveHTTP::default_method, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(Broker::metrics_export_endpoint_name, Broker::update_metrics_export_endpoint_name{ Broker::__set_metrics_export_endpoint_name(Broker::val)return (Broker::val)}, 0)
+0.000000 | HookCallFunction Option::set_change_handler(Broker::metrics_export_endpoint_name, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(Broker::metrics_export_interval, Broker::update_metrics_export_interval{ Broker::__set_metrics_export_interval(Broker::val)return (Broker::val)}, 0)
+0.000000 | HookCallFunction Option::set_change_handler(Broker::metrics_export_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(Broker::metrics_export_prefixes, Broker::update_metrics_export_prefixes{ Broker::__set_metrics_export_prefixes(Broker::filter)return (Broker::filter)}, 0)
+0.000000 | HookCallFunction Option::set_change_handler(Broker::metrics_export_prefixes, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(Broker::metrics_export_topic, Broker::update_metrics_export_topic{ Broker::__set_metrics_export_topic(Broker::val)return (Broker::val)}, 0)
+0.000000 | HookCallFunction Option::set_change_handler(Broker::metrics_export_topic, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Broker::peer_counts_as_iosource, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Conn::analyzer_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Conn::default_extract, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)