Project

General

Profile

Actions

Bug #6398

closed

Suricata 7.0.1 threads object in stats contains memcap_pressure scalars

Added by Arne Welzel about 1 year ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

The suricata_exporter translating from Suricata's dump-counters JSON output to Prometheus metrics expects all entries in the "threads" object to map thread names to further JSON objects containing stats for individual threads.

  "threads": {
    "thread_name": { ... },
    ...
   }

With Suricata 7.0.1, the "threads" object now also contains following memcap_pressure_ entries that aren't actual threads and don't have a type object as value:

    "threads" 
      "FM#01": {
        "flow": {
          "mgr": {
              ...
      },
      "memcap_pressure": 0,
      "memcap_pressure_max": 0,
      "FM#02": {
        "flow": {
          "mgr": {
                ...

Entries for "memcap_pressure" and "memcap_pressure_max" exist in the top-level "message", too, so they seem 1) redundant and 2) out-of place in the "threads" object.

Jeff pointed out commit 2d96b6e13b799fa40a5d3a7d5cd7729af614ab1a as a possible culprit.

After reverting that commit, the "memcap_pressure_" entries indeed show up under the flow-manager threads again which looks much more expected. The entry in the top-level "message", however, vanished.

      "FM#01": {
        "flow": {
          "mgr": {
             ...
        "memcap_pressure": 5,
        "memcap_pressure_max": 5
      },
      "FM#02": {
        "flow": {
          "mgr": {
             ...
        "memcap_pressure": 0,
        "memcap_pressure_max": 0
      },


Files

dump-counters-7.0.1.json (59 Bytes) dump-counters-7.0.1.json Arne Welzel, 10/12/2023 01:19 PM

Related issues 1 (0 open1 closed)

Blocked by Suricata - Bug #6732: Suricata 7.0.2 parent interface object in stats contains VLAN-ID as keysClosedArne WelzelActions
Actions

Also available in: Atom PDF