* initial work on add the ability to save/fetch app data
* update to use get_app_data for ZFS
* update the poller for the new app_data stuff
* ZFS now logs changes to pools
* add schema update for app_data stuff
* small formatting fix
* add a missing \
* now adds a column
* sql-schema is no longer used, so remove the file that was added here
* misc cleanups
* rename the method in database/migrations/2022_07_03_1947_add_app_data.php
* hopefully fix the migration bit
* add the column to misc/db_schema.yaml
* more misc small DB fixes
* update the test as the json column uses a collation of utf8mb4_bin
* revert the last change and try manually setting it to what is expected
* remove a extra ;
* update suricata as well
* correct the instance -> instances in one location to prevent the old instance list from being stomped
* remove a extra ;
* update fail2ban to use it as well
* remove two unused functions as suricata and fail2ban no longer use components
* style cleanup
* postgres poller updated to use it
* update html side of the postgres bits
* chronyd now uses app data bits now as well
* portactivity now uses it as well
* style fix
* sort the returned arrays from app_data
* correct log message for port activity
* collocation change
* try re-ordering it
* add in the new data column to the tests
* remove a extra ,
* hmm... ->collate('utf8mb4_unicode_ci') is not usable as apparently collate does not exist
* change the column type from json to longtext
* mv chronyd stuff while I sort out the rest of the tests... damn thing is always buggy
* hmm... fix a missing line then likely move stuff back
* style fix
* add fillable
* add the expected data for fail2ban json
* escape a " I missed
* add data for portactivity
* add suricata app data
* add app data to zfs legacy test
* put the moved tests back into place and update zfs-v1 test
* add app data for chronyd test
* add app data for fail2ban legacy test
* update zfs v1 app data
* add some notes on application dev work
* add Developing/Application-Notes.md to mkdocs.yml
* add data column to it
* added various suggestions from bennet-esyoil
* convert from isset to sizeof
* type fix
* fully remove the old save app data function and move it into a helper function... the other still needs cleaned up prior to removal
* update docs
* get_app_data is fully removed now as well
* a few style fixes
* add $casts
* update chronyd test
* attempt to fix the data
* more doc cleanup and try changing the cast
* style fix
* revert the changes to the chronyd test
* apply a few of murrant's suggestions
* document working with ->data as json and non-json
* remove two no-longer used in this PR exceptions
* ->data now operates transparently
* style fix
* update data tests
* fix json
* test fix
* update the app notes to reflect how app data now works
* app test fix
* app data fix for linux_lsi
* json fix
* minor doc cleanup
* remove duplicate query and use json_decode instead
* style fix
* modelize the app poller
* use a anon func instead of foreach
* test update
* style cleanup
* style cleanup
* another test cleanup
* more test cleanup
* reverse the test changes and add in some more glue code
* revert one of the test changes
* another small test fix
* Make things use models
Left some array access, but those will still work just fine.
* missed chronyd and portactivity
* rename poll to avoid any confusion
* Remove extra save and fix timestamp
* save any changes made to app->data
* nope, that was not it
* What are magic methods and how do they work?
* fix two typos
* update linux_lsi test
* change quote type
Co-authored-by: Tony Murray <murraytony@gmail.com>
{
|
|
"applications": {
|
|
"discovery": {
|
|
"applications": [
|
|
{
|
|
"app_type": "suricata",
|
|
"app_state": "UNKNOWN",
|
|
"discovered": 1,
|
|
"app_state_prev": null,
|
|
"app_status": "",
|
|
"app_instance": "",
|
|
"data": null
|
|
}
|
|
]
|
|
},
|
|
"poller": {
|
|
"applications": [
|
|
{
|
|
"app_type": "suricata",
|
|
"app_state": "OK",
|
|
"discovered": 1,
|
|
"app_state_prev": "UNKNOWN",
|
|
"app_status": "",
|
|
"app_instance": "",
|
|
"data": "{\"instances\":[\"ids\"]}"
|
|
}
|
|
],
|
|
"application_metrics": [
|
|
{
|
|
"metric": ".total_af_dcerpc_tcp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_dcerpc_udp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_dhcp",
|
|
"value": 52,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_dns_tcp",
|
|
"value": 1901,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_dns_udp",
|
|
"value": 556315,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_failed_tcp",
|
|
"value": 4260,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_failed_udp",
|
|
"value": 8121,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_ftp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_ftp_data",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_http",
|
|
"value": 30855,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_ikev2",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_imap",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_krb5_tcp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_krb5_udp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_mqtt",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_nfs_tcp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_nfs_udp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_ntp",
|
|
"value": 1682,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_rdp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_rfb",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_sip",
|
|
"value": 1,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_smb",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_smtp",
|
|
"value": 1408,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_snmp",
|
|
"value": 14203,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_ssh",
|
|
"value": 37,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_tftp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_af_tls",
|
|
"value": 126907,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_alert",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_dcerpc_tcp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_dcerpc_udp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_dhcp",
|
|
"value": 2571,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_dns_tcp",
|
|
"value": 3806,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_dns_udp",
|
|
"value": 1207694,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_ftp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_ftp_data",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_http",
|
|
"value": 31784,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_ikev2",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_imap",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_krb5_tcp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_krb5_udp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_mqtt",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_nfs_tcp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_nfs_udp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_ntp",
|
|
"value": 2409,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_rdp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_rfb",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_sip",
|
|
"value": 4137,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_smb",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_smtp",
|
|
"value": 2108,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_snmp",
|
|
"value": 433976,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_ssh",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_tftp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_at_tls",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_bytes",
|
|
"value": 7587094274,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_avg_pkt_size",
|
|
"value": 513,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_chdlc",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_ethernet",
|
|
"value": 14772989,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_geneve",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_ieee8021ah",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_invalid",
|
|
"value": 4,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_ipv4",
|
|
"value": 14616928,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_ipv4_in_ipv6",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_ipv6",
|
|
"value": 428,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_max_pkt_size",
|
|
"value": 1514,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_mpls",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_mx_mac_addrs_d",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_mx_mac_addrs_s",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_packets",
|
|
"value": 14772989,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_ppp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_pppoe",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_raw",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_sctp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_sll",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_tcp",
|
|
"value": 9921619,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_teredo",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_too_many_layer",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_udp",
|
|
"value": 4120492,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_vlan",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_vlan_qinq",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_vntag",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dec_vxlan",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_drop_delta",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_drop_percent",
|
|
"value": "0.00000",
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_dropped",
|
|
"value": 12750,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_error_delta",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_error_percent",
|
|
"value": "0.00000",
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_errors",
|
|
"value": 1,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_f_icmpv4",
|
|
"value": 3667,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_f_icmpv6",
|
|
"value": 371,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_f_memuse",
|
|
"value": 8567872,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_f_tcp",
|
|
"value": 287482,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_f_udp",
|
|
"value": 580374,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_ftp_memuse",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_http_memuse",
|
|
"value": 155770,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_ifdrop_delta",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_ifdrop_percent",
|
|
"value": "0.00000",
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_ifdropped",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_packet_delta",
|
|
"value": 55223,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_packets",
|
|
"value": 14785697,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_tcp_memuse",
|
|
"value": 2425072,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_tcp_reass_memuse",
|
|
"value": 16676636,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": ".total_uptime",
|
|
"value": 104890,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "alert",
|
|
"value": 0.0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_dcerpc_tcp",
|
|
"value": 0.0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_dcerpc_udp",
|
|
"value": 0.0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_dhcp",
|
|
"value": 52.0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_dns_tcp",
|
|
"value": 1901.0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_dns_udp",
|
|
"value": 556315.0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_failed_tcp",
|
|
"value": 4260,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_failed_udp",
|
|
"value": 8121,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_ftp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_ftp_data",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_http",
|
|
"value": 30855,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_ikev2",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_imap",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_krb5_tcp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_krb5_udp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_mqtt",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_nfs_tcp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_nfs_udp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_ntp",
|
|
"value": 1682,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_rdp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_rfb",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_sip",
|
|
"value": 1,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_smb",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_smtp",
|
|
"value": 1408,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_snmp",
|
|
"value": 14203,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_ssh",
|
|
"value": 37,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_tftp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_af_tls",
|
|
"value": 126907,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_alert",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_dcerpc_tcp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_dcerpc_udp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_dhcp",
|
|
"value": 2571,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_dns_tcp",
|
|
"value": 3806,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_dns_udp",
|
|
"value": 1207694,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_ftp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_ftp_data",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_http",
|
|
"value": 31784,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_ikev2",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_imap",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_krb5_tcp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_krb5_udp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_mqtt",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_nfs_tcp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_nfs_udp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_ntp",
|
|
"value": 2409,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_rdp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_rfb",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_sip",
|
|
"value": 4137,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_smb",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_smtp",
|
|
"value": 2108,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_snmp",
|
|
"value": 433976,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_ssh",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_tftp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_at_tls",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_bytes",
|
|
"value": 7587094274,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_avg_pkt_size",
|
|
"value": 513,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_chdlc",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_ethernet",
|
|
"value": 14772989,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_geneve",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_ieee8021ah",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_invalid",
|
|
"value": 4,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_ipv4",
|
|
"value": 14616928,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_ipv4_in_ipv6",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_ipv6",
|
|
"value": 428,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_max_pkt_size",
|
|
"value": 1514,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_mpls",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_mx_mac_addrs_d",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_mx_mac_addrs_s",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_packets",
|
|
"value": 14772989,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_ppp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_pppoe",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_raw",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_sctp",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_sll",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_tcp",
|
|
"value": 9921619,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_teredo",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_too_many_layer",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_udp",
|
|
"value": 4120492,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_vlan",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_vlan_qinq",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_vntag",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dec_vxlan",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_drop_delta",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_drop_percent",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_dropped",
|
|
"value": 12750,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_error_delta",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_error_percent",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_errors",
|
|
"value": 1,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_f_icmpv4",
|
|
"value": 3667,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_f_icmpv6",
|
|
"value": 371,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_f_memuse",
|
|
"value": 8567872,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_f_tcp",
|
|
"value": 287482,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_f_udp",
|
|
"value": 580374,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_ftp_memuse",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_http_memuse",
|
|
"value": 155770,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_ifdrop_delta",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_ifdrop_percent",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_ifdropped",
|
|
"value": 0,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_packet_delta",
|
|
"value": 55223,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_packets",
|
|
"value": 14785697,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_tcp_memuse",
|
|
"value": 2425072,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_tcp_reass_memuse",
|
|
"value": 16676636,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
},
|
|
{
|
|
"metric": "ids_uptime",
|
|
"value": 104890,
|
|
"value_prev": null,
|
|
"app_type": "suricata"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|