add Suricata Extract submission stats app (#15105)

* add suricata_extract * convert from dervive to gauge and use delta * add suricata_extract to includes/html/pages/apps.inc.php * graph cleanup * add sub_size * add sub_size graph * add docs for suricata extract * add tests for suricata_extract * add rules for suricata extract * minor test tweaks
2024-10-07 16:52:45 +00:00 · 2023-06-25 13:48:26 -05:00
parent 17f503b40a
commit 00cf300d1a
22 changed files with 472 additions and 0 deletions
--- a/includes/html/graphs/application/suricata_extract_errors.inc.php
+++ b/includes/html/graphs/application/suricata_extract_errors.inc.php
@@ -0,0 +1,11 @@
+<?php
+
+$ds = 'errors';
+$unit_text = 'Errors';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';
--- a/includes/html/graphs/application/suricata_extract_ignored_host.inc.php
+++ b/includes/html/graphs/application/suricata_extract_ignored_host.inc.php
@@ -0,0 +1,12 @@
+<?php
+
+$ds = 'ignored_host';
+$unit_text = 'Ignored';
+$descr = 'By Host';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';
--- a/includes/html/graphs/application/suricata_extract_ignored_ip.inc.php
+++ b/includes/html/graphs/application/suricata_extract_ignored_ip.inc.php
@@ -0,0 +1,12 @@
+<?php
+
+$ds = 'ignored_ip';
+$unit_text = 'Ignored';
+$descr = 'By IP';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';
--- a/includes/html/graphs/application/suricata_extract_ignored_ip_dest.inc.php
+++ b/includes/html/graphs/application/suricata_extract_ignored_ip_dest.inc.php
@@ -0,0 +1,12 @@
+<?php
+
+$ds = 'ignored_ip_dest';
+$unit_text = 'Ignored';
+$descr = 'By IP Dest';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';
--- a/includes/html/graphs/application/suricata_extract_ignored_ip_src.inc.php
+++ b/includes/html/graphs/application/suricata_extract_ignored_ip_src.inc.php
@@ -0,0 +1,12 @@
+<?php
+
+$ds = 'ignored_ip_src';
+$unit_text = 'Ignored';
+$descr = 'By IP Src';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';
--- a/includes/html/graphs/application/suricata_extract_sub.inc.php
+++ b/includes/html/graphs/application/suricata_extract_sub.inc.php
@@ -0,0 +1,11 @@
+<?php
+
+$ds = 'sub';
+$unit_text = 'Submissions';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';
--- a/includes/html/graphs/application/suricata_extract_sub_2xx.inc.php
+++ b/includes/html/graphs/application/suricata_extract_sub_2xx.inc.php
@@ -0,0 +1,12 @@
+<?php
+
+$ds = 'sub_2xx';
+$unit_text = 'HTML Status';
+$descr = '2xx';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';
--- a/includes/html/graphs/application/suricata_extract_sub_3xx.inc.php
+++ b/includes/html/graphs/application/suricata_extract_sub_3xx.inc.php
@@ -0,0 +1,12 @@
+<?php
+
+$ds = 'sub_3xx';
+$unit_text = 'HTML Status';
+$descr = '3xx';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';
--- a/includes/html/graphs/application/suricata_extract_sub_4xx.inc.php
+++ b/includes/html/graphs/application/suricata_extract_sub_4xx.inc.php
@@ -0,0 +1,12 @@
+<?php
+
+$ds = 'sub_4xx';
+$unit_text = 'HTML Status';
+$descr = '4xx';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';
--- a/includes/html/graphs/application/suricata_extract_sub_5xx.inc.php
+++ b/includes/html/graphs/application/suricata_extract_sub_5xx.inc.php
@@ -0,0 +1,12 @@
+<?php
+
+$ds = 'sub_5xx';
+$unit_text = 'HTML Status';
+$descr = '5xx';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';
--- a/includes/html/graphs/application/suricata_extract_sub_codes.inc.php
+++ b/includes/html/graphs/application/suricata_extract_sub_codes.inc.php
@@ -0,0 +1,35 @@
+<?php
+
+require 'includes/html/graphs/common.inc.php';
+
+$scale_min = 0;
+$nototal = 1;
+$unit_text = 'HTTP Code';
+$unitlen = 15;
+$bigdescrlen = 20;
+$smalldescrlen = 15;
+$colours = 'rainbow';
+
+$array = [
+    'sub_2xx' => '2xx',
+    'sub_3xx' => '3xx',
+    'sub_4xx' => '4xx',
+    'sub_5xx' => '5xx',
+];
+
+$rrd_filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+$rrd_list = [];
+if (Rrd::checkRrdExists($rrd_filename)) {
+    $i = 0;
+    foreach ($array as $ds => $descr) {
+        $rrd_list[$i]['filename'] = $rrd_filename;
+        $rrd_list[$i]['descr'] = $descr;
+        $rrd_list[$i]['ds'] = $ds;
+        $i++;
+    }
+} else {
+    echo "file missing: $rrd_filename";
+}
+
+require 'includes/html/graphs/generic_multi_line_exact_numbers.inc.php';
--- a/includes/html/graphs/application/suricata_extract_sub_fail.inc.php
+++ b/includes/html/graphs/application/suricata_extract_sub_fail.inc.php
@@ -0,0 +1,11 @@
+<?php
+
+$ds = 'sub_fail';
+$unit_text = 'Sub Fails';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';
--- a/includes/html/graphs/application/suricata_extract_sub_size.inc.php
+++ b/includes/html/graphs/application/suricata_extract_sub_size.inc.php
@@ -0,0 +1,11 @@
+<?php
+
+$ds = 'sub_size';
+$unit_text = 'Bytes';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';
--- a/includes/html/graphs/application/suricata_extract_truncated.inc.php
+++ b/includes/html/graphs/application/suricata_extract_truncated.inc.php
@@ -0,0 +1,12 @@
+<?php
+
+$ds = 'truncated';
+$unit_text = 'Files';
+$descr = 'Truncated';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';
--- a/includes/html/graphs/application/suricata_extract_zero_sized.inc.php
+++ b/includes/html/graphs/application/suricata_extract_zero_sized.inc.php
@@ -0,0 +1,12 @@
+<?php
+
+$ds = 'zero_sized';
+$unit_text = 'Files';
+$descr = 'Zero Sized';
+$filename = Rrd::name($device['hostname'], ['app', 'suricata_extract', $app->app_id]);
+
+if (! Rrd::checkRrdExists($filename)) {
+    d_echo('RRD "' . $filename . '" not found');
+}
+
+require 'includes/html/graphs/generic_stats.inc.php';