-
Notifications
You must be signed in to change notification settings - Fork 912
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
new(metrics): add file sha256sum metrics for loaded config and rules files #3187
new(metrics): add file sha256sum metrics for loaded config and rules files #3187
Conversation
This PR may bring feature or behavior changes in the Falco engine and may require the engine version to be bumped. Please double check userspace/engine/falco_engine_version.h file. See versioning for FALCO_ENGINE_VERSION. /hold |
f9607c8
to
0cc454d
Compare
/milestone 0.38.0 |
0cc454d
to
9c5a8b6
Compare
This is now ready for review. |
@@ -83,6 +84,9 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state& | |||
{ | |||
falco_logger::log(falco_logger::level::WARNING,res->as_string(true, rc) + "\n"); | |||
} | |||
#if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) | |||
s.config->m_loaded_rules_filenames_sha256sum.push_back(falco::utils::calculate_file_sha256sum(filename)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What if m_loaded_rules_filenames_sha256sum
(and m_loaded_configs_filenames_sha256sum
) was instead a unoredered_set<string>string
, where key is filename and value is sha256sum?
This would allow metrics and stats writer to just iterate over m_loaded_rules_filenames_sha256sum
(and m_loaded_configs_filenames
) keys.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If that's more desirable, no problems to change it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would simplify a bit the falco_metrics and stats_writer loops, making them more readable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Question: why is all of this linux only?
Main purpose of metrics is at runtime when running Falco on Linux. I am not sure why we would need it when we load a capture file on macOS or Windows. In addition, most metrics already only work on Linux. More thoughts? Support for macOS or Windows likely requires a different approach as that openssl lib I am using is not available. |
I was thinking if running Falco on eg: windows with plugins and their rules, one could still want the shasums in the metrics.
No problem then, we can introduce it later if someone needs it! |
Yeah, right now it's actually not even working well for plugins only even on Linux. Needless to say, metrics still requires lots of work over the next n releases. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
LGTM label has been added. Git tree hash: dcb2a70aa3d6111480fd1c016a4db4f24a8b665d
|
I am investigating the |
Signed-off-by: Melissa Kilby <[email protected]>
…files Signed-off-by: Melissa Kilby <[email protected]>
Signed-off-by: Melissa Kilby <[email protected]>
Signed-off-by: Melissa Kilby <[email protected]>
Co-authored-by: Federico Di Pierro <[email protected]> Signed-off-by: Melissa Kilby <[email protected]>
8c2d430
to
f9c7dc1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
LGTM label has been added. Git tree hash: dc0266cc27417ce5e855648589ac81944db7ea34
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: FedeDP, incertum, leogr The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
false positive |
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area engine
What this PR does / why we need it:
This PR adds the sha256sum for each loaded config and rules file as individual metric. These metrics complement existing informational metrics such as the Falco version or kernelrelease of the host and especially help to track deployment upgrade convergence and integrity. When hot reloading Falco and having watch config files setting enabled, the state is re-initialized and as such the new sha256sum is calculated.
Note: This PR only adds the new metrics, thus deferring future metrics code consolidations to the next release dev cycle.
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: