1 年之前 · 5ca2ee2f2e
--- a/cmd/crowdsec-cli/metrics.go
+++ b/cmd/crowdsec-cli/metrics.go
@@ -240,7 +240,7 @@ func FormatPrometheusMetrics(out io.Writer, url string, formatType string) error
 
				 				waap_engine_stats[metric.Labels["waap_engine"]]["blocked"] = ival
			
 
				 			case "cs_waf_rule_hits":
			
 
				 				waapEngine := metric.Labels["waap_engine"]
			
 
				-				ruleID := metric.Labels["rule_id"]
			
 
				+				ruleID := metric.Labels["rule_name"]
			
 
				 				if _, ok := waap_rule_stats[waapEngine]; !ok {
			
 
				 					waap_rule_stats[waapEngine] = make(map[string]map[string]int, 0)
			
 
				 				}
			
--- a/pkg/acquisition/modules/waap/metrics.go
+++ b/pkg/acquisition/modules/waap/metrics.go
@@ -48,7 +48,7 @@ var WafBlockCounter = prometheus.NewCounterVec(
 
				 var WafRuleHits = prometheus.NewCounterVec(
			
 
				 	prometheus.CounterOpts{
			
 
				 		Name: "cs_waf_rule_hits",
			
 
				-		Help: "Count of triggered rule, by rule_id and type (inband/outofband).",
			
 
				+		Help: "Count of triggered rule, by rule_name, type (inband/outofband), waap_engine and source",
			
 
				 	},
			
 
				-	[]string{"rule_id", "type", "waap_engine", "source"},
			
 
				+	[]string{"rule_name", "type", "waap_engine", "source"},
			
 
				 )
			
--- a/pkg/acquisition/modules/waap/utils.go
+++ b/pkg/acquisition/modules/waap/utils.go
@@ -201,22 +201,22 @@ func (r *WaapRunner) AccumulateTxToEvent(evt *types.Event, req waf.ParsedRequest
 
				 			evt.Waap.HasOutBandMatches = true
			
 
				 		}
			
 
				 
			
 
				-		// TODO: Fetch the Name of the rule when possible
			
 
				-		WafRuleHits.With(prometheus.Labels{"rule_id": fmt.Sprintf("%d", rule.Rule().ID()), "type": kind, "source": req.RemoteAddrNormalized, "waap_engine": req.WaapEngine}).Inc()
			
 
				-
			
 
				 		name := "NOT_SET"
			
 
				 		version := "NOT_SET"
			
 
				 		hash := "NOT_SET"
			
 
				+		ruleNameProm := fmt.Sprintf("%d", rule.Rule().ID())
			
 
				 
			
 
				 		if details, ok := waf.WaapRulesDetails[rule.Rule().ID()]; ok {
			
 
				 			//Only set them for custom rules, not for rules written in seclang
			
 
				 			name = details.Name
			
 
				 			version = details.Version
			
 
				 			hash = details.Hash
			
 
				-
			
 
				+			ruleNameProm = details.Name
			
 
				 			r.logger.Debugf("custom rule for event, setting name: %s, version: %s, hash: %s", name, version, hash)
			
 
				 		}
			
 
				 
			
 
				+		WafRuleHits.With(prometheus.Labels{"rule_name": ruleNameProm, "type": kind, "source": req.RemoteAddrNormalized, "waap_engine": req.WaapEngine}).Inc()
			
 
				+
			
 
				 		corazaRule := map[string]interface{}{
			
 
				 			"id":         rule.Rule().ID(),
			
 
				 			"uri":        evt.Parsed["uri"],