mirror of
https://github.com/librenms/librenms.git
synced 2024-09-21 10:28:13 +00:00
513 lines
20 KiB
PHP
513 lines
20 KiB
PHP
|
<?php
|
||
|
|
|
||
|
|
// This is a list of stats. Can be mostly regenerated as bia the command below.
|
||
|
|
// suricata_stat_check -c | jq -S .data.totals | grep -E -v '[\{\}]' | sed "s/^. *\"/ '/" | sed "s/\".*$/' => 1,/"
|
||
|
|
//
|
||
|
|
// The purpose is to make sure when Suricata adds new stats, we don't add stuff before knowing if it is known
|
||
|
|
// to be a gauge or counter.
|
||
|
|
|
||
|
|
$suricata_stat_keys = [
|
||
|
|
'app_layer__error__bittorrent-dht__alloc' => 1,
|
||
|
|
'app_layer__error__bittorrent-dht__gap' => 1,
|
||
|
|
'app_layer__error__bittorrent-dht__internal' => 1,
|
||
|
|
'app_layer__error__bittorrent-dht__parser' => 1,
|
||
|
|
'app_layer__error__dcerpc_tcp__alloc' => 1,
|
||
|
|
'app_layer__error__dcerpc_tcp__gap' => 1,
|
||
|
|
'app_layer__error__dcerpc_tcp__internal' => 1,
|
||
|
|
'app_layer__error__dcerpc_tcp__parser' => 1,
|
||
|
|
'app_layer__error__dcerpc_udp__alloc' => 1,
|
||
|
|
'app_layer__error__dcerpc_udp__internal' => 1,
|
||
|
|
'app_layer__error__dcerpc_udp__parser' => 1,
|
||
|
|
'app_layer__error__dhcp__alloc' => 1,
|
||
|
|
'app_layer__error__dhcp__gap' => 1,
|
||
|
|
'app_layer__error__dhcp__internal' => 1,
|
||
|
|
'app_layer__error__dhcp__parser' => 1,
|
||
|
|
'app_layer__error__dnp3__alloc' => 1,
|
||
|
|
'app_layer__error__dnp3__gap' => 1,
|
||
|
|
'app_layer__error__dnp3__internal' => 1,
|
||
|
|
'app_layer__error__dnp3__parser' => 1,
|
||
|
|
'app_layer__error__dns_tcp__alloc' => 1,
|
||
|
|
'app_layer__error__dns_tcp__gap' => 1,
|
||
|
|
'app_layer__error__dns_tcp__internal' => 1,
|
||
|
|
'app_layer__error__dns_tcp__parser' => 1,
|
||
|
|
'app_layer__error__dns_udp__alloc' => 1,
|
||
|
|
'app_layer__error__dns_udp__internal' => 1,
|
||
|
|
'app_layer__error__dns_udp__parser' => 1,
|
||
|
|
'app_layer__error__enip_tcp__alloc' => 1,
|
||
|
|
'app_layer__error__enip_tcp__gap' => 1,
|
||
|
|
'app_layer__error__enip_tcp__internal' => 1,
|
||
|
|
'app_layer__error__enip_tcp__parser' => 1,
|
||
|
|
'app_layer__error__enip_udp__alloc' => 1,
|
||
|
|
'app_layer__error__enip_udp__internal' => 1,
|
||
|
|
'app_layer__error__enip_udp__parser' => 1,
|
||
|
|
'app_layer__error__failed_tcp__gap' => 1,
|
||
|
|
'app_layer__error__ftp-data__alloc' => 1,
|
||
|
|
'app_layer__error__ftp-data__gap' => 1,
|
||
|
|
'app_layer__error__ftp-data__internal' => 1,
|
||
|
|
'app_layer__error__ftp-data__parser' => 1,
|
||
|
|
'app_layer__error__ftp__alloc' => 1,
|
||
|
|
'app_layer__error__ftp__gap' => 1,
|
||
|
|
'app_layer__error__ftp__internal' => 1,
|
||
|
|
'app_layer__error__ftp__parser' => 1,
|
||
|
|
'app_layer__error__http2__alloc' => 1,
|
||
|
|
'app_layer__error__http2__gap' => 1,
|
||
|
|
'app_layer__error__http2__internal' => 1,
|
||
|
|
'app_layer__error__http2__parser' => 1,
|
||
|
|
'app_layer__error__http__alloc' => 1,
|
||
|
|
'app_layer__error__http__gap' => 1,
|
||
|
|
'app_layer__error__http__internal' => 1,
|
||
|
|
'app_layer__error__http__parser' => 1,
|
||
|
|
'app_layer__error__ike__alloc' => 1,
|
||
|
|
'app_layer__error__ike__gap' => 1,
|
||
|
|
'app_layer__error__ike__internal' => 1,
|
||
|
|
'app_layer__error__ike__parser' => 1,
|
||
|
|
'app_layer__error__imap__alloc' => 1,
|
||
|
|
'app_layer__error__imap__gap' => 1,
|
||
|
|
'app_layer__error__imap__internal' => 1,
|
||
|
|
'app_layer__error__imap__parser' => 1,
|
||
|
|
'app_layer__error__krb5_tcp__alloc' => 1,
|
||
|
|
'app_layer__error__krb5_tcp__gap' => 1,
|
||
|
|
'app_layer__error__krb5_tcp__internal' => 1,
|
||
|
|
'app_layer__error__krb5_tcp__parser' => 1,
|
||
|
|
'app_layer__error__krb5_udp__alloc' => 1,
|
||
|
|
'app_layer__error__krb5_udp__internal' => 1,
|
||
|
|
'app_layer__error__krb5_udp__parser' => 1,
|
||
|
|
'app_layer__error__modbus__alloc' => 1,
|
||
|
|
'app_layer__error__modbus__gap' => 1,
|
||
|
|
'app_layer__error__modbus__internal' => 1,
|
||
|
|
'app_layer__error__modbus__parser' => 1,
|
||
|
|
'app_layer__error__mqtt__alloc' => 1,
|
||
|
|
'app_layer__error__mqtt__gap' => 1,
|
||
|
|
'app_layer__error__mqtt__internal' => 1,
|
||
|
|
'app_layer__error__mqtt__parser' => 1,
|
||
|
|
'app_layer__error__nfs_tcp__alloc' => 1,
|
||
|
|
'app_layer__error__nfs_tcp__gap' => 1,
|
||
|
|
'app_layer__error__nfs_tcp__internal' => 1,
|
||
|
|
'app_layer__error__nfs_tcp__parser' => 1,
|
||
|
|
'app_layer__error__nfs_udp__alloc' => 1,
|
||
|
|
'app_layer__error__nfs_udp__internal' => 1,
|
||
|
|
'app_layer__error__nfs_udp__parser' => 1,
|
||
|
|
'app_layer__error__ntp__alloc' => 1,
|
||
|
|
'app_layer__error__ntp__gap' => 1,
|
||
|
|
'app_layer__error__ntp__internal' => 1,
|
||
|
|
'app_layer__error__ntp__parser' => 1,
|
||
|
|
'app_layer__error__pgsql__alloc' => 1,
|
||
|
|
'app_layer__error__pgsql__gap' => 1,
|
||
|
|
'app_layer__error__pgsql__internal' => 1,
|
||
|
|
'app_layer__error__pgsql__parser' => 1,
|
||
|
|
'app_layer__error__quic__alloc' => 1,
|
||
|
|
'app_layer__error__quic__gap' => 1,
|
||
|
|
'app_layer__error__quic__internal' => 1,
|
||
|
|
'app_layer__error__quic__parser' => 1,
|
||
|
|
'app_layer__error__rdp__alloc' => 1,
|
||
|
|
'app_layer__error__rdp__gap' => 1,
|
||
|
|
'app_layer__error__rdp__internal' => 1,
|
||
|
|
'app_layer__error__rdp__parser' => 1,
|
||
|
|
'app_layer__error__rfb__alloc' => 1,
|
||
|
|
'app_layer__error__rfb__gap' => 1,
|
||
|
|
'app_layer__error__rfb__internal' => 1,
|
||
|
|
'app_layer__error__rfb__parser' => 1,
|
||
|
|
'app_layer__error__sip__alloc' => 1,
|
||
|
|
'app_layer__error__sip__gap' => 1,
|
||
|
|
'app_layer__error__sip__internal' => 1,
|
||
|
|
'app_layer__error__sip__parser' => 1,
|
||
|
|
'app_layer__error__smb__alloc' => 1,
|
||
|
|
'app_layer__error__smb__gap' => 1,
|
||
|
|
'app_layer__error__smb__internal' => 1,
|
||
|
|
'app_layer__error__smb__parser' => 1,
|
||
|
|
'app_layer__error__smtp__alloc' => 1,
|
||
|
|
'app_layer__error__smtp__gap' => 1,
|
||
|
|
'app_layer__error__smtp__internal' => 1,
|
||
|
|
'app_layer__error__smtp__parser' => 1,
|
||
|
|
'app_layer__error__snmp__alloc' => 1,
|
||
|
|
'app_layer__error__snmp__gap' => 1,
|
||
|
|
'app_layer__error__snmp__internal' => 1,
|
||
|
|
'app_layer__error__snmp__parser' => 1,
|
||
|
|
'app_layer__error__ssh__alloc' => 1,
|
||
|
|
'app_layer__error__ssh__gap' => 1,
|
||
|
|
'app_layer__error__ssh__internal' => 1,
|
||
|
|
'app_layer__error__ssh__parser' => 1,
|
||
|
|
'app_layer__error__telnet__alloc' => 1,
|
||
|
|
'app_layer__error__telnet__gap' => 1,
|
||
|
|
'app_layer__error__telnet__internal' => 1,
|
||
|
|
'app_layer__error__telnet__parser' => 1,
|
||
|
|
'app_layer__error__tftp__alloc' => 1,
|
||
|
|
'app_layer__error__tftp__gap' => 1,
|
||
|
|
'app_layer__error__tftp__internal' => 1,
|
||
|
|
'app_layer__error__tftp__parser' => 1,
|
||
|
|
'app_layer__error__tls__alloc' => 1,
|
||
|
|
'app_layer__error__tls__gap' => 1,
|
||
|
|
'app_layer__error__tls__internal' => 1,
|
||
|
|
'app_layer__error__tls__parser' => 1,
|
||
|
|
'app_layer__expectations' => 1,
|
||
|
|
'app_layer__flow__bittorrent-dht' => 1,
|
||
|
|
'app_layer__flow__dcerpc_tcp' => 1,
|
||
|
|
'app_layer__flow__dcerpc_udp' => 1,
|
||
|
|
'app_layer__flow__dhcp' => 1,
|
||
|
|
'app_layer__flow__dnp3' => 1,
|
||
|
|
'app_layer__flow__dns_tcp' => 1,
|
||
|
|
'app_layer__flow__dns_udp' => 1,
|
||
|
|
'app_layer__flow__enip_tcp' => 1,
|
||
|
|
'app_layer__flow__enip_udp' => 1,
|
||
|
|
'app_layer__flow__failed_tcp' => 1,
|
||
|
|
'app_layer__flow__failed_udp' => 1,
|
||
|
|
'app_layer__flow__ftp' => 1,
|
||
|
|
'app_layer__flow__ftp-data' => 1,
|
||
|
|
'app_layer__flow__http' => 1,
|
||
|
|
'app_layer__flow__http2' => 1,
|
||
|
|
'app_layer__flow__ike' => 1,
|
||
|
|
'app_layer__flow__imap' => 1,
|
||
|
|
'app_layer__flow__krb5_tcp' => 1,
|
||
|
|
'app_layer__flow__krb5_udp' => 1,
|
||
|
|
'app_layer__flow__modbus' => 1,
|
||
|
|
'app_layer__flow__mqtt' => 1,
|
||
|
|
'app_layer__flow__nfs_tcp' => 1,
|
||
|
|
'app_layer__flow__nfs_udp' => 1,
|
||
|
|
'app_layer__flow__ntp' => 1,
|
||
|
|
'app_layer__flow__pgsql' => 1,
|
||
|
|
'app_layer__flow__quic' => 1,
|
||
|
|
'app_layer__flow__rdp' => 1,
|
||
|
|
'app_layer__flow__rfb' => 1,
|
||
|
|
'app_layer__flow__sip' => 1,
|
||
|
|
'app_layer__flow__smb' => 1,
|
||
|
|
'app_layer__flow__smtp' => 1,
|
||
|
|
'app_layer__flow__snmp' => 1,
|
||
|
|
'app_layer__flow__ssh' => 1,
|
||
|
|
'app_layer__flow__telnet' => 1,
|
||
|
|
'app_layer__flow__tftp' => 1,
|
||
|
|
'app_layer__flow__tls' => 1,
|
||
|
|
'app_layer__tx__bittorrent-dht' => 1,
|
||
|
|
'app_layer__tx__dcerpc_tcp' => 1,
|
||
|
|
'app_layer__tx__dcerpc_udp' => 1,
|
||
|
|
'app_layer__tx__dhcp' => 1,
|
||
|
|
'app_layer__tx__dnp3' => 1,
|
||
|
|
'app_layer__tx__dns_tcp' => 1,
|
||
|
|
'app_layer__tx__dns_udp' => 1,
|
||
|
|
'app_layer__tx__enip_tcp' => 1,
|
||
|
|
'app_layer__tx__enip_udp' => 1,
|
||
|
|
'app_layer__tx__ftp' => 1,
|
||
|
|
'app_layer__tx__ftp-data' => 1,
|
||
|
|
'app_layer__tx__http' => 1,
|
||
|
|
'app_layer__tx__http2' => 1,
|
||
|
|
'app_layer__tx__ike' => 1,
|
||
|
|
'app_layer__tx__imap' => 1,
|
||
|
|
'app_layer__tx__krb5_tcp' => 1,
|
||
|
|
'app_layer__tx__krb5_udp' => 1,
|
||
|
|
'app_layer__tx__modbus' => 1,
|
||
|
|
'app_layer__tx__mqtt' => 1,
|
||
|
|
'app_layer__tx__nfs_tcp' => 1,
|
||
|
|
'app_layer__tx__nfs_udp' => 1,
|
||
|
|
'app_layer__tx__ntp' => 1,
|
||
|
|
'app_layer__tx__pgsql' => 1,
|
||
|
|
'app_layer__tx__quic' => 1,
|
||
|
|
'app_layer__tx__rdp' => 1,
|
||
|
|
'app_layer__tx__rfb' => 1,
|
||
|
|
'app_layer__tx__sip' => 1,
|
||
|
|
'app_layer__tx__smb' => 1,
|
||
|
|
'app_layer__tx__smtp' => 1,
|
||
|
|
'app_layer__tx__snmp' => 1,
|
||
|
|
'app_layer__tx__ssh' => 1,
|
||
|
|
'app_layer__tx__telnet' => 1,
|
||
|
|
'app_layer__tx__tftp' => 1,
|
||
|
|
'app_layer__tx__tls' => 1,
|
||
|
|
'capture__kernel_drops_any' => 1,
|
||
|
|
'capture__kernel_drops' => 1,
|
||
|
|
'capture__kernel_ifdrops' => 1,
|
||
|
|
'capture__kernel_packets' => 1,
|
||
|
|
'decoder__arp' => 1,
|
||
|
|
'decoder__avg_pkt_size' => 1,
|
||
|
|
'decoder__bytes' => 1,
|
||
|
|
'decoder__chdlc' => 1,
|
||
|
|
'decoder__erspan' => 1,
|
||
|
|
'decoder__esp' => 1,
|
||
|
|
'decoder__ethernet' => 1,
|
||
|
|
'decoder__event__chdlc__pkt_too_small' => 1,
|
||
|
|
'decoder__event__dce__pkt_too_small' => 1,
|
||
|
|
'decoder__event__erspan__header_too_small' => 1,
|
||
|
|
'decoder__event__erspan__too_many_vlan_layers' => 1,
|
||
|
|
'decoder__event__erspan__unsupported_version' => 1,
|
||
|
|
'decoder__event__esp__pkt_too_small' => 1,
|
||
|
|
'decoder__event__ethernet__pkt_too_small' => 1,
|
||
|
|
'decoder__event__geneve__unknown_payload_type' => 1,
|
||
|
|
'decoder__event__gre__pkt_too_small' => 1,
|
||
|
|
'decoder__event__gre__version0_flags' => 1,
|
||
|
|
'decoder__event__gre__version0_hdr_too_big' => 1,
|
||
|
|
'decoder__event__gre__version0_malformed_sre_hdr' => 1,
|
||
|
|
'decoder__event__gre__version0_recur' => 1,
|
||
|
|
'decoder__event__gre__version1_chksum' => 1,
|
||
|
|
'decoder__event__gre__version1_flags' => 1,
|
||
|
|
'decoder__event__gre__version1_hdr_too_big' => 1,
|
||
|
|
'decoder__event__gre__version1_malformed_sre_hdr' => 1,
|
||
|
|
'decoder__event__gre__version1_no_key' => 1,
|
||
|
|
'decoder__event__gre__version1_recur' => 1,
|
||
|
|
'decoder__event__gre__version1_route' => 1,
|
||
|
|
'decoder__event__gre__version1_ssr' => 1,
|
||
|
|
'decoder__event__gre__version1_wrong_protocol' => 1,
|
||
|
|
'decoder__event__gre__wrong_version' => 1,
|
||
|
|
'decoder__event__icmpv4__ipv4_trunc_pkt' => 1,
|
||
|
|
'decoder__event__icmpv4__ipv4_unknown_ver' => 1,
|
||
|
|
'decoder__event__icmpv4__pkt_too_small' => 1,
|
||
|
|
'decoder__event__icmpv4__unknown_code' => 1,
|
||
|
|
'decoder__event__icmpv4__unknown_type' => 1,
|
||
|
|
'decoder__event__icmpv6__experimentation_type' => 1,
|
||
|
|
'decoder__event__icmpv6__ipv6_trunc_pkt' => 1,
|
||
|
|
'decoder__event__icmpv6__ipv6_unknown_version' => 1,
|
||
|
|
'decoder__event__icmpv6__mld_message_with_invalid_hl' => 1,
|
||
|
|
'decoder__event__icmpv6__pkt_too_small' => 1,
|
||
|
|
'decoder__event__icmpv6__unassigned_type' => 1,
|
||
|
|
'decoder__event__icmpv6__unknown_code' => 1,
|
||
|
|
'decoder__event__icmpv6__unknown_type' => 1,
|
||
|
|
'decoder__event__ieee8021ah__header_too_small' => 1,
|
||
|
|
'decoder__event__ipraw__invalid_ip_version' => 1,
|
||
|
|
'decoder__event__ipv4__frag_ignored' => 1,
|
||
|
|
'decoder__event__ipv4__frag_overlap' => 1,
|
||
|
|
'decoder__event__ipv4__frag_pkt_too_large' => 1,
|
||
|
|
'decoder__event__ipv4__hlen_too_small' => 1,
|
||
|
|
'decoder__event__ipv4__icmpv6' => 1,
|
||
|
|
'decoder__event__ipv4__iplen_smaller_than_hlen' => 1,
|
||
|
|
'decoder__event__ipv4__opt_duplicate' => 1,
|
||
|
|
'decoder__event__ipv4__opt_eol_required' => 1,
|
||
|
|
'decoder__event__ipv4__opt_invalid' => 1,
|
||
|
|
'decoder__event__ipv4__opt_invalid_len' => 1,
|
||
|
|
'decoder__event__ipv4__opt_malformed' => 1,
|
||
|
|
'decoder__event__ipv4__opt_pad_required' => 1,
|
||
|
|
'decoder__event__ipv4__opt_unknown' => 1,
|
||
|
|
'decoder__event__ipv4__pkt_too_small' => 1,
|
||
|
|
'decoder__event__ipv4__trunc_pkt' => 1,
|
||
|
|
'decoder__event__ipv4__wrong_ip_version' => 1,
|
||
|
|
'decoder__event__ipv6__data_after_none_header' => 1,
|
||
|
|
'decoder__event__ipv6__dstopts_only_padding' => 1,
|
||
|
|
'decoder__event__ipv6__dstopts_unknown_opt' => 1,
|
||
|
|
'decoder__event__ipv6__exthdr_ah_res_not_null' => 1,
|
||
|
|
'decoder__event__ipv6__exthdr_dupl_ah' => 1,
|
||
|
|
'decoder__event__ipv6__exthdr_dupl_dh' => 1,
|
||
|
|
'decoder__event__ipv6__exthdr_dupl_eh' => 1,
|
||
|
|
'decoder__event__ipv6__exthdr_dupl_fh' => 1,
|
||
|
|
'decoder__event__ipv6__exthdr_dupl_hh' => 1,
|
||
|
|
'decoder__event__ipv6__exthdr_dupl_rh' => 1,
|
||
|
|
'decoder__event__ipv6__exthdr_invalid_optlen' => 1,
|
||
|
|
'decoder__event__ipv6__exthdr_useless_fh' => 1,
|
||
|
|
'decoder__event__ipv6__fh_non_zero_reserved_field' => 1,
|
||
|
|
'decoder__event__ipv6__frag_ignored' => 1,
|
||
|
|
'decoder__event__ipv6__frag_invalid_length' => 1,
|
||
|
|
'decoder__event__ipv6__frag_overlap' => 1,
|
||
|
|
'decoder__event__ipv6__frag_pkt_too_large' => 1,
|
||
|
|
'decoder__event__ipv6__hopopts_only_padding' => 1,
|
||
|
|
'decoder__event__ipv6__hopopts_unknown_opt' => 1,
|
||
|
|
'decoder__event__ipv6__icmpv4' => 1,
|
||
|
|
'decoder__event__ipv6__ipv4_in_ipv6_too_small' => 1,
|
||
|
|
'decoder__event__ipv6__ipv4_in_ipv6_wrong_version' => 1,
|
||
|
|
'decoder__event__ipv6__ipv6_in_ipv6_too_small' => 1,
|
||
|
|
'decoder__event__ipv6__ipv6_in_ipv6_wrong_version' => 1,
|
||
|
|
'decoder__event__ipv6__pkt_too_small' => 1,
|
||
|
|
'decoder__event__ipv6__rh_type_0' => 1,
|
||
|
|
'decoder__event__ipv6__trunc_exthdr' => 1,
|
||
|
|
'decoder__event__ipv6__trunc_pkt' => 1,
|
||
|
|
'decoder__event__ipv6__unknown_next_header' => 1,
|
||
|
|
'decoder__event__ipv6__wrong_ip_version' => 1,
|
||
|
|
'decoder__event__ipv6__zero_len_padn' => 1,
|
||
|
|
'decoder__event__ltnull__pkt_too_small' => 1,
|
||
|
|
'decoder__event__ltnull__unsupported_type' => 1,
|
||
|
|
'decoder__event__mpls__bad_label_implicit_null' => 1,
|
||
|
|
'decoder__event__mpls__bad_label_reserved' => 1,
|
||
|
|
'decoder__event__mpls__bad_label_router_alert' => 1,
|
||
|
|
'decoder__event__mpls__header_too_small' => 1,
|
||
|
|
'decoder__event__mpls__pkt_too_small' => 1,
|
||
|
|
'decoder__event__mpls__unknown_payload_type' => 1,
|
||
|
|
'decoder__event__nsh__bad_header_length' => 1,
|
||
|
|
'decoder__event__nsh__header_too_small' => 1,
|
||
|
|
'decoder__event__nsh__reserved_type' => 1,
|
||
|
|
'decoder__event__nsh__unknown_payload' => 1,
|
||
|
|
'decoder__event__nsh__unsupported_type' => 1,
|
||
|
|
'decoder__event__nsh__unsupported_version' => 1,
|
||
|
|
'decoder__event__ppp__ip4_pkt_too_small' => 1,
|
||
|
|
'decoder__event__ppp__ip6_pkt_too_small' => 1,
|
||
|
|
'decoder__event__ppp__pkt_too_small' => 1,
|
||
|
|
'decoder__event__ppp__unsup_proto' => 1,
|
||
|
|
'decoder__event__ppp__vju_pkt_too_small' => 1,
|
||
|
|
'decoder__event__ppp__wrong_type' => 1,
|
||
|
|
'decoder__event__pppoe__malformed_tags' => 1,
|
||
|
|
'decoder__event__pppoe__pkt_too_small' => 1,
|
||
|
|
'decoder__event__pppoe__wrong_code' => 1,
|
||
|
|
'decoder__event__sctp__pkt_too_small' => 1,
|
||
|
|
'decoder__event__sll__pkt_too_small' => 1,
|
||
|
|
'decoder__event__tcp__hlen_too_small' => 1,
|
||
|
|
'decoder__event__tcp__invalid_optlen' => 1,
|
||
|
|
'decoder__event__tcp__opt_duplicate' => 1,
|
||
|
|
'decoder__event__tcp__opt_invalid_len' => 1,
|
||
|
|
'decoder__event__tcp__pkt_too_small' => 1,
|
||
|
|
'decoder__event__udp__hlen_invalid' => 1,
|
||
|
|
'decoder__event__udp__hlen_too_small' => 1,
|
||
|
|
'decoder__event__udp__len_invalid' => 1,
|
||
|
|
'decoder__event__udp__pkt_too_small' => 1,
|
||
|
|
'decoder__event__vlan__header_too_small' => 1,
|
||
|
|
'decoder__event__vlan__too_many_layers' => 1,
|
||
|
|
'decoder__event__vlan__unknown_type' => 1,
|
||
|
|
'decoder__event__vntag__header_too_small' => 1,
|
||
|
|
'decoder__event__vntag__unknown_type' => 1,
|
||
|
|
'decoder__event__vxlan__unknown_payload_type' => 1,
|
||
|
|
'decoder__geneve' => 1,
|
||
|
|
'decoder__gre' => 1,
|
||
|
|
'decoder__icmpv4' => 1,
|
||
|
|
'decoder__icmpv6' => 1,
|
||
|
|
'decoder__ieee8021ah' => 1,
|
||
|
|
'decoder__invalid' => 1,
|
||
|
|
'decoder__ipv4' => 1,
|
||
|
|
'decoder__ipv4_in_ipv6' => 1,
|
||
|
|
'decoder__ipv6' => 1,
|
||
|
|
'decoder__ipv6_in_ipv6' => 1,
|
||
|
|
'decoder__max_mac_addrs_dst' => 1,
|
||
|
|
'decoder__max_mac_addrs_src' => 1,
|
||
|
|
'decoder__max_pkt_size' => 1,
|
||
|
|
'decoder__mpls' => 1,
|
||
|
|
'decoder__nsh' => 1,
|
||
|
|
'decoder__null' => 1,
|
||
|
|
'decoder__pkts' => 1,
|
||
|
|
'decoder__ppp' => 1,
|
||
|
|
'decoder__pppoe' => 1,
|
||
|
|
'decoder__raw' => 1,
|
||
|
|
'decoder__sctp' => 1,
|
||
|
|
'decoder__sll' => 1,
|
||
|
|
'decoder__tcp' => 1,
|
||
|
|
'decoder__teredo' => 1,
|
||
|
|
'decoder__too_many_layers' => 1,
|
||
|
|
'decoder__udp' => 1,
|
||
|
|
'decoder__unknown_ethertype' => 1,
|
||
|
|
'decoder__vlan' => 1,
|
||
|
|
'decoder__vlan_qinq' => 1,
|
||
|
|
'decoder__vlan_qinqinq' => 1,
|
||
|
|
'decoder__vntag' => 1,
|
||
|
|
'decoder__vxlan' => 1,
|
||
|
|
'defrag__ipv4__fragments' => 1,
|
||
|
|
'defrag__ipv4__reassembled' => 1,
|
||
|
|
'defrag__ipv6__fragments' => 1,
|
||
|
|
'defrag__ipv6__reassembled' => 1,
|
||
|
|
'defrag__max_frag_hits' => 1,
|
||
|
|
'detect__alert' => 1,
|
||
|
|
'detect__alert_queue_overflow' => 1,
|
||
|
|
'detect__alerts_suppressed' => 1,
|
||
|
|
'drop_percent' => 1,
|
||
|
|
'error_delta' => 1,
|
||
|
|
'file_store__fs_errors' => 1,
|
||
|
|
'file_store__open_files' => 1,
|
||
|
|
'file_store__open_files_max_hit' => 1,
|
||
|
|
'flow__active' => 1,
|
||
|
|
'flow__emerg_mode_entered' => 1,
|
||
|
|
'flow__emerg_mode_over' => 1,
|
||
|
|
'flow__end__state__closed' => 1,
|
||
|
|
'flow__end__state__established' => 1,
|
||
|
|
'flow__end__state__local_bypassed' => 1,
|
||
|
|
'flow__end__state__new' => 1,
|
||
|
|
'flow__end__tcp_liberal' => 1,
|
||
|
|
'flow__end__tcp_state__close_wait' => 1,
|
||
|
|
'flow__end__tcp_state__closed' => 1,
|
||
|
|
'flow__end__tcp_state__closing' => 1,
|
||
|
|
'flow__end__tcp_state__established' => 1,
|
||
|
|
'flow__end__tcp_state__fin_wait1' => 1,
|
||
|
|
'flow__end__tcp_state__fin_wait2' => 1,
|
||
|
|
'flow__end__tcp_state__last_ack' => 1,
|
||
|
|
'flow__end__tcp_state__none' => 1,
|
||
|
|
'flow__end__tcp_state__syn_recv' => 1,
|
||
|
|
'flow__end__tcp_state__syn_sent' => 1,
|
||
|
|
'flow__end__tcp_state__time_wait' => 1,
|
||
|
|
'flow__get_used' => 1,
|
||
|
|
'flow__get_used_eval' => 1,
|
||
|
|
'flow__get_used_eval_busy' => 1,
|
||
|
|
'flow__get_used_eval_reject' => 1,
|
||
|
|
'flow__get_used_failed' => 1,
|
||
|
|
'flow__icmpv4' => 1,
|
||
|
|
'flow__icmpv6' => 1,
|
||
|
|
'flow__memcap' => 1,
|
||
|
|
'flow__memuse' => 1,
|
||
|
|
'flow__mgr__flows_checked' => 1,
|
||
|
|
'flow__mgr__flows_evicted' => 1,
|
||
|
|
'flow__mgr__flows_evicted_needs_work' => 1,
|
||
|
|
'flow__mgr__flows_notimeout' => 1,
|
||
|
|
'flow__mgr__flows_timeout' => 1,
|
||
|
|
'flow__mgr__full_hash_pass' => 1,
|
||
|
|
'flow__mgr__rows_maxlen' => 1,
|
||
|
|
'flow__mgr__rows_per_sec' => 1,
|
||
|
|
'flow__recycler__queue_avg' => 1,
|
||
|
|
'flow__recycler__queue_max' => 1,
|
||
|
|
'flow__recycler__recycled' => 1,
|
||
|
|
'flow__spare' => 1,
|
||
|
|
'flow__tcp' => 1,
|
||
|
|
'flow__tcp_reuse' => 1,
|
||
|
|
'flow__total' => 1,
|
||
|
|
'flow__udp' => 1,
|
||
|
|
'flow__wrk__flows_evicted' => 1,
|
||
|
|
'flow__wrk__flows_evicted_needs_work' => 1,
|
||
|
|
'flow__wrk__flows_evicted_pkt_inject' => 1,
|
||
|
|
'flow__wrk__flows_injected' => 1,
|
||
|
|
'flow__wrk__flows_injected_max' => 1,
|
||
|
|
'flow__wrk__spare_sync' => 1,
|
||
|
|
'flow__wrk__spare_sync_avg' => 1,
|
||
|
|
'flow__wrk__spare_sync_empty' => 1,
|
||
|
|
'flow__wrk__spare_sync_incomplete' => 1,
|
||
|
|
'flow_bypassed__bytes' => 1,
|
||
|
|
'flow_bypassed__closed' => 1,
|
||
|
|
'flow_bypassed__local_bytes' => 1,
|
||
|
|
'flow_bypassed__local_capture_bytes' => 1,
|
||
|
|
'flow_bypassed__local_capture_pkts' => 1,
|
||
|
|
'flow_bypassed__local_pkts' => 1,
|
||
|
|
'flow_bypassed__pkts' => 1,
|
||
|
|
'ftp__memcap' => 1,
|
||
|
|
'ftp__memuse' => 1,
|
||
|
|
'http__memcap' => 1,
|
||
|
|
'http__memuse' => 1,
|
||
|
|
'memcap_pressure' => 1,
|
||
|
|
'memcap_pressure_max' => 1,
|
||
|
|
'tcp__ack_unseen_data' => 1,
|
||
|
|
'tcp__active_sessions' => 1,
|
||
|
|
'tcp__insert_data_normal_fail' => 1,
|
||
|
|
'tcp__insert_data_overlap_fail' => 1,
|
||
|
|
'tcp__invalid_checksum' => 1,
|
||
|
|
'tcp__memuse' => 1,
|
||
|
|
'tcp__midstream_pickups' => 1,
|
||
|
|
'tcp__overlap' => 1,
|
||
|
|
'tcp__overlap_diff_data' => 1,
|
||
|
|
'tcp__pkt_on_wrong_thread' => 1,
|
||
|
|
'tcp__pseudo' => 1,
|
||
|
|
'tcp__pseudo_failed' => 1,
|
||
|
|
'tcp__reassembly_gap' => 1,
|
||
|
|
'tcp__reassembly_memuse' => 1,
|
||
|
|
'tcp__rst' => 1,
|
||
|
|
'tcp__segment_from_cache' => 1,
|
||
|
|
'tcp__segment_from_pool' => 1,
|
||
|
|
'tcp__segment_memcap_drop' => 1,
|
||
|
|
'tcp__sessions' => 1,
|
||
|
|
'tcp__ssn_from_cache' => 1,
|
||
|
|
'tcp__ssn_from_pool' => 1,
|
||
|
|
'tcp__ssn_memcap_drop' => 1,
|
||
|
|
'tcp__stream_depth_reached' => 1,
|
||
|
|
'tcp__syn' => 1,
|
||
|
|
'tcp__synack' => 1,
|
||
|
|
'uptime' => 1,
|
||
|
|
];
|
||
|
|
|
||
|
|
// anything not here is a counter
|
||
|
|
$suricata_stat_gauges = [
|
||
|
|
'decoder__avg_pkt_size' => 1,
|
||
|
|
'file_store__open_files' => 1,
|
||
|
|
'file_store__open_files_max_hit' => 1,
|
||
|
|
'flow__emerg_mode_entered' => 1,
|
||
|
|
'flow__emerg_mode_over' => 1,
|
||
|
|
'flow__memcap' => 1,
|
||
|
|
'flow__memuse' => 1,
|
||
|
|
'flow__mgr__rows_maxlen' => 1,
|
||
|
|
'flow__recycler__queue_avg' => 1,
|
||
|
|
'flow__recycler__queue_max' => 1,
|
||
|
|
'ftp__memcap' => 1,
|
||
|
|
'ftp__memuse' => 1,
|
||
|
|
'http__memcap' => 1,
|
||
|
|
'http__memuse' => 1,
|
||
|
|
'memcap_pressure' => 1,
|
||
|
|
'memcap_pressure_max' => 1,
|
||
|
|
'uptime' => 1,
|
||
|
|
'tcp__memuse' => 1,
|
||
|
|
'tcp__reassembly_memuse' => 1,
|
||
|
|
'error_delta' => 1,
|
||
|
|
'drop_percent' => 1,
|
||
|
|
'tcp__active_sessions' => 1,
|
||
|
|
];
|