mirror of
https://github.com/librenms/librenms.git
synced 2024-09-21 02:18:39 +00:00
572258e0c2
* breakout handling of suricata extend v. 1 returns * initial work for suricata 7.0.0 * add shared file for various Suricata related variables * update handling for new Suricata stuff * fix suricata rrd name bits * update suricata app page a bit * misc * add a new v2 suricata graph * more suricata v2 graphs * fix app data for suricata * more graph work * fix initial graphs * the page selector for suricata v2 * more cleanup for suricata stuff * add more graphs * add suricata_v2_pkt_drop.inc.php * add suricata_v2_error_delta.inc.php * add suricata app layer flows graph * add app layer tx * start work on bypassed * add flow bypass stuff * add suricata error stuff * add more graphs * more suricata v2 work * ... * add packets overview * cleanup suricata_packets_overview.inc.php * more work on the overview graphs * error delta is now per second * cleanup suricata_v2_app_layer_error_alloc.inc.php * add new flow proto stuff * add suricata_v2_flow_proto * add new overview graph * update v2 app layer flows graph * more v2 graph cleanup * suricata graph cleanup * suricata_dec_proto_overview now works * more graph work for suricata * more graph work * add another overview graph * snmp fix * add a new overview graph * add a new over view * more graph stuff * more memory graphs * tidy pages bit * more work on decoder stuff * more decoder work * decoder stuff done * cleanup suricata_packets_overview.inc.php * appl layer tx work * add app flow stuff * fix suricata_v2_decoder__event__ethernet.inc.php * fix suricata_v2_decoder__event__ipv4.inc.php * fix suricata_v2_decoder__event__ipv6.inc.php * add alloc error stuff * more error related work * more error stuff * start work on internal errors * add internal error graphs * parser error stuff done * more decoder work * decoder icmpv4 * more decoder work * ltnull done * mpls decoder stuff * nsh decoder work * decoder ppp done * more decoder work * more decoder work * more vlan work * vntag decoder stuff done * descr_len auto set for generic stats * ipv6 decoder stuff done * style fix * style fix * more style cleanup * more suricata graph work * fix require usage * tweak drop info a bit * add some checks for for with suricata 7.0.4 * more suricata tweaks * fix sagan instance handling * another minor fix * fix improper munging * rever something accidentally added to this repo * add linux_suricata-v2.snmprex * rename the metrics for instances from instance_ to instances_ * add linux_suricata-v2.json test data * style fix * minor munging tweak * style cleanup * some app data fixes * remove a typo from test data * add deleted_at and make sure discovered is numeric and not a string 1 * derp... json fix * remove something accidentally added * fix a small erorr in the test data * add a missing variable to the test data * try another tweak for suricata json test stuff * derp... fix a type in the suricata poller * revert a test data change * re-order some the metrics in the test * some more metric re-ordering * add a missing status * remove something that was accidentally added to this branch instead of another * strcmp cleanup * style fix
513 lines
20 KiB
PHP
513 lines
20 KiB
PHP
<?php
|
|
|
|
// This is a list of stats. Can be mostly regenerated as bia the command below.
|
|
// suricata_stat_check -c | jq -S .data.totals | grep -E -v '[\{\}]' | sed "s/^. *\"/ '/" | sed "s/\".*$/' => 1,/"
|
|
//
|
|
// The purpose is to make sure when Suricata adds new stats, we don't add stuff before knowing if it is known
|
|
// to be a gauge or counter.
|
|
|
|
$suricata_stat_keys = [
|
|
'app_layer__error__bittorrent-dht__alloc' => 1,
|
|
'app_layer__error__bittorrent-dht__gap' => 1,
|
|
'app_layer__error__bittorrent-dht__internal' => 1,
|
|
'app_layer__error__bittorrent-dht__parser' => 1,
|
|
'app_layer__error__dcerpc_tcp__alloc' => 1,
|
|
'app_layer__error__dcerpc_tcp__gap' => 1,
|
|
'app_layer__error__dcerpc_tcp__internal' => 1,
|
|
'app_layer__error__dcerpc_tcp__parser' => 1,
|
|
'app_layer__error__dcerpc_udp__alloc' => 1,
|
|
'app_layer__error__dcerpc_udp__internal' => 1,
|
|
'app_layer__error__dcerpc_udp__parser' => 1,
|
|
'app_layer__error__dhcp__alloc' => 1,
|
|
'app_layer__error__dhcp__gap' => 1,
|
|
'app_layer__error__dhcp__internal' => 1,
|
|
'app_layer__error__dhcp__parser' => 1,
|
|
'app_layer__error__dnp3__alloc' => 1,
|
|
'app_layer__error__dnp3__gap' => 1,
|
|
'app_layer__error__dnp3__internal' => 1,
|
|
'app_layer__error__dnp3__parser' => 1,
|
|
'app_layer__error__dns_tcp__alloc' => 1,
|
|
'app_layer__error__dns_tcp__gap' => 1,
|
|
'app_layer__error__dns_tcp__internal' => 1,
|
|
'app_layer__error__dns_tcp__parser' => 1,
|
|
'app_layer__error__dns_udp__alloc' => 1,
|
|
'app_layer__error__dns_udp__internal' => 1,
|
|
'app_layer__error__dns_udp__parser' => 1,
|
|
'app_layer__error__enip_tcp__alloc' => 1,
|
|
'app_layer__error__enip_tcp__gap' => 1,
|
|
'app_layer__error__enip_tcp__internal' => 1,
|
|
'app_layer__error__enip_tcp__parser' => 1,
|
|
'app_layer__error__enip_udp__alloc' => 1,
|
|
'app_layer__error__enip_udp__internal' => 1,
|
|
'app_layer__error__enip_udp__parser' => 1,
|
|
'app_layer__error__failed_tcp__gap' => 1,
|
|
'app_layer__error__ftp-data__alloc' => 1,
|
|
'app_layer__error__ftp-data__gap' => 1,
|
|
'app_layer__error__ftp-data__internal' => 1,
|
|
'app_layer__error__ftp-data__parser' => 1,
|
|
'app_layer__error__ftp__alloc' => 1,
|
|
'app_layer__error__ftp__gap' => 1,
|
|
'app_layer__error__ftp__internal' => 1,
|
|
'app_layer__error__ftp__parser' => 1,
|
|
'app_layer__error__http2__alloc' => 1,
|
|
'app_layer__error__http2__gap' => 1,
|
|
'app_layer__error__http2__internal' => 1,
|
|
'app_layer__error__http2__parser' => 1,
|
|
'app_layer__error__http__alloc' => 1,
|
|
'app_layer__error__http__gap' => 1,
|
|
'app_layer__error__http__internal' => 1,
|
|
'app_layer__error__http__parser' => 1,
|
|
'app_layer__error__ike__alloc' => 1,
|
|
'app_layer__error__ike__gap' => 1,
|
|
'app_layer__error__ike__internal' => 1,
|
|
'app_layer__error__ike__parser' => 1,
|
|
'app_layer__error__imap__alloc' => 1,
|
|
'app_layer__error__imap__gap' => 1,
|
|
'app_layer__error__imap__internal' => 1,
|
|
'app_layer__error__imap__parser' => 1,
|
|
'app_layer__error__krb5_tcp__alloc' => 1,
|
|
'app_layer__error__krb5_tcp__gap' => 1,
|
|
'app_layer__error__krb5_tcp__internal' => 1,
|
|
'app_layer__error__krb5_tcp__parser' => 1,
|
|
'app_layer__error__krb5_udp__alloc' => 1,
|
|
'app_layer__error__krb5_udp__internal' => 1,
|
|
'app_layer__error__krb5_udp__parser' => 1,
|
|
'app_layer__error__modbus__alloc' => 1,
|
|
'app_layer__error__modbus__gap' => 1,
|
|
'app_layer__error__modbus__internal' => 1,
|
|
'app_layer__error__modbus__parser' => 1,
|
|
'app_layer__error__mqtt__alloc' => 1,
|
|
'app_layer__error__mqtt__gap' => 1,
|
|
'app_layer__error__mqtt__internal' => 1,
|
|
'app_layer__error__mqtt__parser' => 1,
|
|
'app_layer__error__nfs_tcp__alloc' => 1,
|
|
'app_layer__error__nfs_tcp__gap' => 1,
|
|
'app_layer__error__nfs_tcp__internal' => 1,
|
|
'app_layer__error__nfs_tcp__parser' => 1,
|
|
'app_layer__error__nfs_udp__alloc' => 1,
|
|
'app_layer__error__nfs_udp__internal' => 1,
|
|
'app_layer__error__nfs_udp__parser' => 1,
|
|
'app_layer__error__ntp__alloc' => 1,
|
|
'app_layer__error__ntp__gap' => 1,
|
|
'app_layer__error__ntp__internal' => 1,
|
|
'app_layer__error__ntp__parser' => 1,
|
|
'app_layer__error__pgsql__alloc' => 1,
|
|
'app_layer__error__pgsql__gap' => 1,
|
|
'app_layer__error__pgsql__internal' => 1,
|
|
'app_layer__error__pgsql__parser' => 1,
|
|
'app_layer__error__quic__alloc' => 1,
|
|
'app_layer__error__quic__gap' => 1,
|
|
'app_layer__error__quic__internal' => 1,
|
|
'app_layer__error__quic__parser' => 1,
|
|
'app_layer__error__rdp__alloc' => 1,
|
|
'app_layer__error__rdp__gap' => 1,
|
|
'app_layer__error__rdp__internal' => 1,
|
|
'app_layer__error__rdp__parser' => 1,
|
|
'app_layer__error__rfb__alloc' => 1,
|
|
'app_layer__error__rfb__gap' => 1,
|
|
'app_layer__error__rfb__internal' => 1,
|
|
'app_layer__error__rfb__parser' => 1,
|
|
'app_layer__error__sip__alloc' => 1,
|
|
'app_layer__error__sip__gap' => 1,
|
|
'app_layer__error__sip__internal' => 1,
|
|
'app_layer__error__sip__parser' => 1,
|
|
'app_layer__error__smb__alloc' => 1,
|
|
'app_layer__error__smb__gap' => 1,
|
|
'app_layer__error__smb__internal' => 1,
|
|
'app_layer__error__smb__parser' => 1,
|
|
'app_layer__error__smtp__alloc' => 1,
|
|
'app_layer__error__smtp__gap' => 1,
|
|
'app_layer__error__smtp__internal' => 1,
|
|
'app_layer__error__smtp__parser' => 1,
|
|
'app_layer__error__snmp__alloc' => 1,
|
|
'app_layer__error__snmp__gap' => 1,
|
|
'app_layer__error__snmp__internal' => 1,
|
|
'app_layer__error__snmp__parser' => 1,
|
|
'app_layer__error__ssh__alloc' => 1,
|
|
'app_layer__error__ssh__gap' => 1,
|
|
'app_layer__error__ssh__internal' => 1,
|
|
'app_layer__error__ssh__parser' => 1,
|
|
'app_layer__error__telnet__alloc' => 1,
|
|
'app_layer__error__telnet__gap' => 1,
|
|
'app_layer__error__telnet__internal' => 1,
|
|
'app_layer__error__telnet__parser' => 1,
|
|
'app_layer__error__tftp__alloc' => 1,
|
|
'app_layer__error__tftp__gap' => 1,
|
|
'app_layer__error__tftp__internal' => 1,
|
|
'app_layer__error__tftp__parser' => 1,
|
|
'app_layer__error__tls__alloc' => 1,
|
|
'app_layer__error__tls__gap' => 1,
|
|
'app_layer__error__tls__internal' => 1,
|
|
'app_layer__error__tls__parser' => 1,
|
|
'app_layer__expectations' => 1,
|
|
'app_layer__flow__bittorrent-dht' => 1,
|
|
'app_layer__flow__dcerpc_tcp' => 1,
|
|
'app_layer__flow__dcerpc_udp' => 1,
|
|
'app_layer__flow__dhcp' => 1,
|
|
'app_layer__flow__dnp3' => 1,
|
|
'app_layer__flow__dns_tcp' => 1,
|
|
'app_layer__flow__dns_udp' => 1,
|
|
'app_layer__flow__enip_tcp' => 1,
|
|
'app_layer__flow__enip_udp' => 1,
|
|
'app_layer__flow__failed_tcp' => 1,
|
|
'app_layer__flow__failed_udp' => 1,
|
|
'app_layer__flow__ftp' => 1,
|
|
'app_layer__flow__ftp-data' => 1,
|
|
'app_layer__flow__http' => 1,
|
|
'app_layer__flow__http2' => 1,
|
|
'app_layer__flow__ike' => 1,
|
|
'app_layer__flow__imap' => 1,
|
|
'app_layer__flow__krb5_tcp' => 1,
|
|
'app_layer__flow__krb5_udp' => 1,
|
|
'app_layer__flow__modbus' => 1,
|
|
'app_layer__flow__mqtt' => 1,
|
|
'app_layer__flow__nfs_tcp' => 1,
|
|
'app_layer__flow__nfs_udp' => 1,
|
|
'app_layer__flow__ntp' => 1,
|
|
'app_layer__flow__pgsql' => 1,
|
|
'app_layer__flow__quic' => 1,
|
|
'app_layer__flow__rdp' => 1,
|
|
'app_layer__flow__rfb' => 1,
|
|
'app_layer__flow__sip' => 1,
|
|
'app_layer__flow__smb' => 1,
|
|
'app_layer__flow__smtp' => 1,
|
|
'app_layer__flow__snmp' => 1,
|
|
'app_layer__flow__ssh' => 1,
|
|
'app_layer__flow__telnet' => 1,
|
|
'app_layer__flow__tftp' => 1,
|
|
'app_layer__flow__tls' => 1,
|
|
'app_layer__tx__bittorrent-dht' => 1,
|
|
'app_layer__tx__dcerpc_tcp' => 1,
|
|
'app_layer__tx__dcerpc_udp' => 1,
|
|
'app_layer__tx__dhcp' => 1,
|
|
'app_layer__tx__dnp3' => 1,
|
|
'app_layer__tx__dns_tcp' => 1,
|
|
'app_layer__tx__dns_udp' => 1,
|
|
'app_layer__tx__enip_tcp' => 1,
|
|
'app_layer__tx__enip_udp' => 1,
|
|
'app_layer__tx__ftp' => 1,
|
|
'app_layer__tx__ftp-data' => 1,
|
|
'app_layer__tx__http' => 1,
|
|
'app_layer__tx__http2' => 1,
|
|
'app_layer__tx__ike' => 1,
|
|
'app_layer__tx__imap' => 1,
|
|
'app_layer__tx__krb5_tcp' => 1,
|
|
'app_layer__tx__krb5_udp' => 1,
|
|
'app_layer__tx__modbus' => 1,
|
|
'app_layer__tx__mqtt' => 1,
|
|
'app_layer__tx__nfs_tcp' => 1,
|
|
'app_layer__tx__nfs_udp' => 1,
|
|
'app_layer__tx__ntp' => 1,
|
|
'app_layer__tx__pgsql' => 1,
|
|
'app_layer__tx__quic' => 1,
|
|
'app_layer__tx__rdp' => 1,
|
|
'app_layer__tx__rfb' => 1,
|
|
'app_layer__tx__sip' => 1,
|
|
'app_layer__tx__smb' => 1,
|
|
'app_layer__tx__smtp' => 1,
|
|
'app_layer__tx__snmp' => 1,
|
|
'app_layer__tx__ssh' => 1,
|
|
'app_layer__tx__telnet' => 1,
|
|
'app_layer__tx__tftp' => 1,
|
|
'app_layer__tx__tls' => 1,
|
|
'capture__kernel_drops_any' => 1,
|
|
'capture__kernel_drops' => 1,
|
|
'capture__kernel_ifdrops' => 1,
|
|
'capture__kernel_packets' => 1,
|
|
'decoder__arp' => 1,
|
|
'decoder__avg_pkt_size' => 1,
|
|
'decoder__bytes' => 1,
|
|
'decoder__chdlc' => 1,
|
|
'decoder__erspan' => 1,
|
|
'decoder__esp' => 1,
|
|
'decoder__ethernet' => 1,
|
|
'decoder__event__chdlc__pkt_too_small' => 1,
|
|
'decoder__event__dce__pkt_too_small' => 1,
|
|
'decoder__event__erspan__header_too_small' => 1,
|
|
'decoder__event__erspan__too_many_vlan_layers' => 1,
|
|
'decoder__event__erspan__unsupported_version' => 1,
|
|
'decoder__event__esp__pkt_too_small' => 1,
|
|
'decoder__event__ethernet__pkt_too_small' => 1,
|
|
'decoder__event__geneve__unknown_payload_type' => 1,
|
|
'decoder__event__gre__pkt_too_small' => 1,
|
|
'decoder__event__gre__version0_flags' => 1,
|
|
'decoder__event__gre__version0_hdr_too_big' => 1,
|
|
'decoder__event__gre__version0_malformed_sre_hdr' => 1,
|
|
'decoder__event__gre__version0_recur' => 1,
|
|
'decoder__event__gre__version1_chksum' => 1,
|
|
'decoder__event__gre__version1_flags' => 1,
|
|
'decoder__event__gre__version1_hdr_too_big' => 1,
|
|
'decoder__event__gre__version1_malformed_sre_hdr' => 1,
|
|
'decoder__event__gre__version1_no_key' => 1,
|
|
'decoder__event__gre__version1_recur' => 1,
|
|
'decoder__event__gre__version1_route' => 1,
|
|
'decoder__event__gre__version1_ssr' => 1,
|
|
'decoder__event__gre__version1_wrong_protocol' => 1,
|
|
'decoder__event__gre__wrong_version' => 1,
|
|
'decoder__event__icmpv4__ipv4_trunc_pkt' => 1,
|
|
'decoder__event__icmpv4__ipv4_unknown_ver' => 1,
|
|
'decoder__event__icmpv4__pkt_too_small' => 1,
|
|
'decoder__event__icmpv4__unknown_code' => 1,
|
|
'decoder__event__icmpv4__unknown_type' => 1,
|
|
'decoder__event__icmpv6__experimentation_type' => 1,
|
|
'decoder__event__icmpv6__ipv6_trunc_pkt' => 1,
|
|
'decoder__event__icmpv6__ipv6_unknown_version' => 1,
|
|
'decoder__event__icmpv6__mld_message_with_invalid_hl' => 1,
|
|
'decoder__event__icmpv6__pkt_too_small' => 1,
|
|
'decoder__event__icmpv6__unassigned_type' => 1,
|
|
'decoder__event__icmpv6__unknown_code' => 1,
|
|
'decoder__event__icmpv6__unknown_type' => 1,
|
|
'decoder__event__ieee8021ah__header_too_small' => 1,
|
|
'decoder__event__ipraw__invalid_ip_version' => 1,
|
|
'decoder__event__ipv4__frag_ignored' => 1,
|
|
'decoder__event__ipv4__frag_overlap' => 1,
|
|
'decoder__event__ipv4__frag_pkt_too_large' => 1,
|
|
'decoder__event__ipv4__hlen_too_small' => 1,
|
|
'decoder__event__ipv4__icmpv6' => 1,
|
|
'decoder__event__ipv4__iplen_smaller_than_hlen' => 1,
|
|
'decoder__event__ipv4__opt_duplicate' => 1,
|
|
'decoder__event__ipv4__opt_eol_required' => 1,
|
|
'decoder__event__ipv4__opt_invalid' => 1,
|
|
'decoder__event__ipv4__opt_invalid_len' => 1,
|
|
'decoder__event__ipv4__opt_malformed' => 1,
|
|
'decoder__event__ipv4__opt_pad_required' => 1,
|
|
'decoder__event__ipv4__opt_unknown' => 1,
|
|
'decoder__event__ipv4__pkt_too_small' => 1,
|
|
'decoder__event__ipv4__trunc_pkt' => 1,
|
|
'decoder__event__ipv4__wrong_ip_version' => 1,
|
|
'decoder__event__ipv6__data_after_none_header' => 1,
|
|
'decoder__event__ipv6__dstopts_only_padding' => 1,
|
|
'decoder__event__ipv6__dstopts_unknown_opt' => 1,
|
|
'decoder__event__ipv6__exthdr_ah_res_not_null' => 1,
|
|
'decoder__event__ipv6__exthdr_dupl_ah' => 1,
|
|
'decoder__event__ipv6__exthdr_dupl_dh' => 1,
|
|
'decoder__event__ipv6__exthdr_dupl_eh' => 1,
|
|
'decoder__event__ipv6__exthdr_dupl_fh' => 1,
|
|
'decoder__event__ipv6__exthdr_dupl_hh' => 1,
|
|
'decoder__event__ipv6__exthdr_dupl_rh' => 1,
|
|
'decoder__event__ipv6__exthdr_invalid_optlen' => 1,
|
|
'decoder__event__ipv6__exthdr_useless_fh' => 1,
|
|
'decoder__event__ipv6__fh_non_zero_reserved_field' => 1,
|
|
'decoder__event__ipv6__frag_ignored' => 1,
|
|
'decoder__event__ipv6__frag_invalid_length' => 1,
|
|
'decoder__event__ipv6__frag_overlap' => 1,
|
|
'decoder__event__ipv6__frag_pkt_too_large' => 1,
|
|
'decoder__event__ipv6__hopopts_only_padding' => 1,
|
|
'decoder__event__ipv6__hopopts_unknown_opt' => 1,
|
|
'decoder__event__ipv6__icmpv4' => 1,
|
|
'decoder__event__ipv6__ipv4_in_ipv6_too_small' => 1,
|
|
'decoder__event__ipv6__ipv4_in_ipv6_wrong_version' => 1,
|
|
'decoder__event__ipv6__ipv6_in_ipv6_too_small' => 1,
|
|
'decoder__event__ipv6__ipv6_in_ipv6_wrong_version' => 1,
|
|
'decoder__event__ipv6__pkt_too_small' => 1,
|
|
'decoder__event__ipv6__rh_type_0' => 1,
|
|
'decoder__event__ipv6__trunc_exthdr' => 1,
|
|
'decoder__event__ipv6__trunc_pkt' => 1,
|
|
'decoder__event__ipv6__unknown_next_header' => 1,
|
|
'decoder__event__ipv6__wrong_ip_version' => 1,
|
|
'decoder__event__ipv6__zero_len_padn' => 1,
|
|
'decoder__event__ltnull__pkt_too_small' => 1,
|
|
'decoder__event__ltnull__unsupported_type' => 1,
|
|
'decoder__event__mpls__bad_label_implicit_null' => 1,
|
|
'decoder__event__mpls__bad_label_reserved' => 1,
|
|
'decoder__event__mpls__bad_label_router_alert' => 1,
|
|
'decoder__event__mpls__header_too_small' => 1,
|
|
'decoder__event__mpls__pkt_too_small' => 1,
|
|
'decoder__event__mpls__unknown_payload_type' => 1,
|
|
'decoder__event__nsh__bad_header_length' => 1,
|
|
'decoder__event__nsh__header_too_small' => 1,
|
|
'decoder__event__nsh__reserved_type' => 1,
|
|
'decoder__event__nsh__unknown_payload' => 1,
|
|
'decoder__event__nsh__unsupported_type' => 1,
|
|
'decoder__event__nsh__unsupported_version' => 1,
|
|
'decoder__event__ppp__ip4_pkt_too_small' => 1,
|
|
'decoder__event__ppp__ip6_pkt_too_small' => 1,
|
|
'decoder__event__ppp__pkt_too_small' => 1,
|
|
'decoder__event__ppp__unsup_proto' => 1,
|
|
'decoder__event__ppp__vju_pkt_too_small' => 1,
|
|
'decoder__event__ppp__wrong_type' => 1,
|
|
'decoder__event__pppoe__malformed_tags' => 1,
|
|
'decoder__event__pppoe__pkt_too_small' => 1,
|
|
'decoder__event__pppoe__wrong_code' => 1,
|
|
'decoder__event__sctp__pkt_too_small' => 1,
|
|
'decoder__event__sll__pkt_too_small' => 1,
|
|
'decoder__event__tcp__hlen_too_small' => 1,
|
|
'decoder__event__tcp__invalid_optlen' => 1,
|
|
'decoder__event__tcp__opt_duplicate' => 1,
|
|
'decoder__event__tcp__opt_invalid_len' => 1,
|
|
'decoder__event__tcp__pkt_too_small' => 1,
|
|
'decoder__event__udp__hlen_invalid' => 1,
|
|
'decoder__event__udp__hlen_too_small' => 1,
|
|
'decoder__event__udp__len_invalid' => 1,
|
|
'decoder__event__udp__pkt_too_small' => 1,
|
|
'decoder__event__vlan__header_too_small' => 1,
|
|
'decoder__event__vlan__too_many_layers' => 1,
|
|
'decoder__event__vlan__unknown_type' => 1,
|
|
'decoder__event__vntag__header_too_small' => 1,
|
|
'decoder__event__vntag__unknown_type' => 1,
|
|
'decoder__event__vxlan__unknown_payload_type' => 1,
|
|
'decoder__geneve' => 1,
|
|
'decoder__gre' => 1,
|
|
'decoder__icmpv4' => 1,
|
|
'decoder__icmpv6' => 1,
|
|
'decoder__ieee8021ah' => 1,
|
|
'decoder__invalid' => 1,
|
|
'decoder__ipv4' => 1,
|
|
'decoder__ipv4_in_ipv6' => 1,
|
|
'decoder__ipv6' => 1,
|
|
'decoder__ipv6_in_ipv6' => 1,
|
|
'decoder__max_mac_addrs_dst' => 1,
|
|
'decoder__max_mac_addrs_src' => 1,
|
|
'decoder__max_pkt_size' => 1,
|
|
'decoder__mpls' => 1,
|
|
'decoder__nsh' => 1,
|
|
'decoder__null' => 1,
|
|
'decoder__pkts' => 1,
|
|
'decoder__ppp' => 1,
|
|
'decoder__pppoe' => 1,
|
|
'decoder__raw' => 1,
|
|
'decoder__sctp' => 1,
|
|
'decoder__sll' => 1,
|
|
'decoder__tcp' => 1,
|
|
'decoder__teredo' => 1,
|
|
'decoder__too_many_layers' => 1,
|
|
'decoder__udp' => 1,
|
|
'decoder__unknown_ethertype' => 1,
|
|
'decoder__vlan' => 1,
|
|
'decoder__vlan_qinq' => 1,
|
|
'decoder__vlan_qinqinq' => 1,
|
|
'decoder__vntag' => 1,
|
|
'decoder__vxlan' => 1,
|
|
'defrag__ipv4__fragments' => 1,
|
|
'defrag__ipv4__reassembled' => 1,
|
|
'defrag__ipv6__fragments' => 1,
|
|
'defrag__ipv6__reassembled' => 1,
|
|
'defrag__max_frag_hits' => 1,
|
|
'detect__alert' => 1,
|
|
'detect__alert_queue_overflow' => 1,
|
|
'detect__alerts_suppressed' => 1,
|
|
'drop_percent' => 1,
|
|
'error_delta' => 1,
|
|
'file_store__fs_errors' => 1,
|
|
'file_store__open_files' => 1,
|
|
'file_store__open_files_max_hit' => 1,
|
|
'flow__active' => 1,
|
|
'flow__emerg_mode_entered' => 1,
|
|
'flow__emerg_mode_over' => 1,
|
|
'flow__end__state__closed' => 1,
|
|
'flow__end__state__established' => 1,
|
|
'flow__end__state__local_bypassed' => 1,
|
|
'flow__end__state__new' => 1,
|
|
'flow__end__tcp_liberal' => 1,
|
|
'flow__end__tcp_state__close_wait' => 1,
|
|
'flow__end__tcp_state__closed' => 1,
|
|
'flow__end__tcp_state__closing' => 1,
|
|
'flow__end__tcp_state__established' => 1,
|
|
'flow__end__tcp_state__fin_wait1' => 1,
|
|
'flow__end__tcp_state__fin_wait2' => 1,
|
|
'flow__end__tcp_state__last_ack' => 1,
|
|
'flow__end__tcp_state__none' => 1,
|
|
'flow__end__tcp_state__syn_recv' => 1,
|
|
'flow__end__tcp_state__syn_sent' => 1,
|
|
'flow__end__tcp_state__time_wait' => 1,
|
|
'flow__get_used' => 1,
|
|
'flow__get_used_eval' => 1,
|
|
'flow__get_used_eval_busy' => 1,
|
|
'flow__get_used_eval_reject' => 1,
|
|
'flow__get_used_failed' => 1,
|
|
'flow__icmpv4' => 1,
|
|
'flow__icmpv6' => 1,
|
|
'flow__memcap' => 1,
|
|
'flow__memuse' => 1,
|
|
'flow__mgr__flows_checked' => 1,
|
|
'flow__mgr__flows_evicted' => 1,
|
|
'flow__mgr__flows_evicted_needs_work' => 1,
|
|
'flow__mgr__flows_notimeout' => 1,
|
|
'flow__mgr__flows_timeout' => 1,
|
|
'flow__mgr__full_hash_pass' => 1,
|
|
'flow__mgr__rows_maxlen' => 1,
|
|
'flow__mgr__rows_per_sec' => 1,
|
|
'flow__recycler__queue_avg' => 1,
|
|
'flow__recycler__queue_max' => 1,
|
|
'flow__recycler__recycled' => 1,
|
|
'flow__spare' => 1,
|
|
'flow__tcp' => 1,
|
|
'flow__tcp_reuse' => 1,
|
|
'flow__total' => 1,
|
|
'flow__udp' => 1,
|
|
'flow__wrk__flows_evicted' => 1,
|
|
'flow__wrk__flows_evicted_needs_work' => 1,
|
|
'flow__wrk__flows_evicted_pkt_inject' => 1,
|
|
'flow__wrk__flows_injected' => 1,
|
|
'flow__wrk__flows_injected_max' => 1,
|
|
'flow__wrk__spare_sync' => 1,
|
|
'flow__wrk__spare_sync_avg' => 1,
|
|
'flow__wrk__spare_sync_empty' => 1,
|
|
'flow__wrk__spare_sync_incomplete' => 1,
|
|
'flow_bypassed__bytes' => 1,
|
|
'flow_bypassed__closed' => 1,
|
|
'flow_bypassed__local_bytes' => 1,
|
|
'flow_bypassed__local_capture_bytes' => 1,
|
|
'flow_bypassed__local_capture_pkts' => 1,
|
|
'flow_bypassed__local_pkts' => 1,
|
|
'flow_bypassed__pkts' => 1,
|
|
'ftp__memcap' => 1,
|
|
'ftp__memuse' => 1,
|
|
'http__memcap' => 1,
|
|
'http__memuse' => 1,
|
|
'memcap_pressure' => 1,
|
|
'memcap_pressure_max' => 1,
|
|
'tcp__ack_unseen_data' => 1,
|
|
'tcp__active_sessions' => 1,
|
|
'tcp__insert_data_normal_fail' => 1,
|
|
'tcp__insert_data_overlap_fail' => 1,
|
|
'tcp__invalid_checksum' => 1,
|
|
'tcp__memuse' => 1,
|
|
'tcp__midstream_pickups' => 1,
|
|
'tcp__overlap' => 1,
|
|
'tcp__overlap_diff_data' => 1,
|
|
'tcp__pkt_on_wrong_thread' => 1,
|
|
'tcp__pseudo' => 1,
|
|
'tcp__pseudo_failed' => 1,
|
|
'tcp__reassembly_gap' => 1,
|
|
'tcp__reassembly_memuse' => 1,
|
|
'tcp__rst' => 1,
|
|
'tcp__segment_from_cache' => 1,
|
|
'tcp__segment_from_pool' => 1,
|
|
'tcp__segment_memcap_drop' => 1,
|
|
'tcp__sessions' => 1,
|
|
'tcp__ssn_from_cache' => 1,
|
|
'tcp__ssn_from_pool' => 1,
|
|
'tcp__ssn_memcap_drop' => 1,
|
|
'tcp__stream_depth_reached' => 1,
|
|
'tcp__syn' => 1,
|
|
'tcp__synack' => 1,
|
|
'uptime' => 1,
|
|
];
|
|
|
|
// anything not here is a counter
|
|
$suricata_stat_gauges = [
|
|
'decoder__avg_pkt_size' => 1,
|
|
'file_store__open_files' => 1,
|
|
'file_store__open_files_max_hit' => 1,
|
|
'flow__emerg_mode_entered' => 1,
|
|
'flow__emerg_mode_over' => 1,
|
|
'flow__memcap' => 1,
|
|
'flow__memuse' => 1,
|
|
'flow__mgr__rows_maxlen' => 1,
|
|
'flow__recycler__queue_avg' => 1,
|
|
'flow__recycler__queue_max' => 1,
|
|
'ftp__memcap' => 1,
|
|
'ftp__memuse' => 1,
|
|
'http__memcap' => 1,
|
|
'http__memuse' => 1,
|
|
'memcap_pressure' => 1,
|
|
'memcap_pressure_max' => 1,
|
|
'uptime' => 1,
|
|
'tcp__memuse' => 1,
|
|
'tcp__reassembly_memuse' => 1,
|
|
'error_delta' => 1,
|
|
'drop_percent' => 1,
|
|
'tcp__active_sessions' => 1,
|
|
];
|