beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

update

Browse source
This commit is contained in:
alteredCoder 2023-11-28 15:10:32 +01:00
parent 3683a7a02a
commit 5ca2ee2f2e
3 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
cmd/crowdsec-cli/metrics.go
View file

@ -240,7 +240,7 @@ func FormatPrometheusMetrics(out io.Writer, url string, formatType string) error
waap_engine_stats[metric.Labels["waap_engine"]]["blocked"] = ival
case "cs_waf_rule_hits":
waapEngine := metric.Labels["waap_engine"]
ruleID := metric.Labels["rule_id"]
ruleID := metric.Labels["rule_name"]
if _, ok := waap_rule_stats[waapEngine]; !ok {
waap_rule_stats[waapEngine] = make(map[string]map[string]int, 0)
}

4
pkg/acquisition/modules/waap/metrics.go
View file

@ -48,7 +48,7 @@ var WafBlockCounter = prometheus.NewCounterVec(
var WafRuleHits = prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "cs_waf_rule_hits",
Help: "Count of triggered rule, by rule_id and type (inband/outofband).",
Help: "Count of triggered rule, by rule_name, type (inband/outofband), waap_engine and source",
},
[]string{"rule_id", "type", "waap_engine", "source"},
[]string{"rule_name", "type", "waap_engine", "source"},
)

8
pkg/acquisition/modules/waap/utils.go
View file

@ -201,22 +201,22 @@ func (r *WaapRunner) AccumulateTxToEvent(evt *types.Event, req waf.ParsedRequest
evt.Waap.HasOutBandMatches = true
}
// TODO: Fetch the Name of the rule when possible
WafRuleHits.With(prometheus.Labels{"rule_id": fmt.Sprintf("%d", rule.Rule().ID()), "type": kind, "source": req.RemoteAddrNormalized, "waap_engine": req.WaapEngine}).Inc()
name := "NOT_SET"
version := "NOT_SET"
hash := "NOT_SET"
ruleNameProm := fmt.Sprintf("%d", rule.Rule().ID())
if details, ok := waf.WaapRulesDetails[rule.Rule().ID()]; ok {
//Only set them for custom rules, not for rules written in seclang
name = details.Name
version = details.Version
hash = details.Hash
ruleNameProm = details.Name
r.logger.Debugf("custom rule for event, setting name: %s, version: %s, hash: %s", name, version, hash)
}
WafRuleHits.With(prometheus.Labels{"rule_name": ruleNameProm, "type": kind, "source": req.RemoteAddrNormalized, "waap_engine": req.WaapEngine}).Inc()
corazaRule := map[string]interface{}{
"id": rule.Rule().ID(),
"uri": evt.Parsed["uri"],