Project

General

Profile

Actions

Bug #6398

closed

Suricata 7.0.1 threads object in stats contains memcap_pressure scalars

Added by Arne Welzel about 1 year ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

The suricata_exporter translating from Suricata's dump-counters JSON output to Prometheus metrics expects all entries in the "threads" object to map thread names to further JSON objects containing stats for individual threads.

  "threads": {
    "thread_name": { ... },
    ...
   }

With Suricata 7.0.1, the "threads" object now also contains following memcap_pressure_ entries that aren't actual threads and don't have a type object as value:

    "threads" 
      "FM#01": {
        "flow": {
          "mgr": {
              ...
      },
      "memcap_pressure": 0,
      "memcap_pressure_max": 0,
      "FM#02": {
        "flow": {
          "mgr": {
                ...

Entries for "memcap_pressure" and "memcap_pressure_max" exist in the top-level "message", too, so they seem 1) redundant and 2) out-of place in the "threads" object.

Jeff pointed out commit 2d96b6e13b799fa40a5d3a7d5cd7729af614ab1a as a possible culprit.

After reverting that commit, the "memcap_pressure_" entries indeed show up under the flow-manager threads again which looks much more expected. The entry in the top-level "message", however, vanished.

      "FM#01": {
        "flow": {
          "mgr": {
             ...
        "memcap_pressure": 5,
        "memcap_pressure_max": 5
      },
      "FM#02": {
        "flow": {
          "mgr": {
             ...
        "memcap_pressure": 0,
        "memcap_pressure_max": 0
      },


Files

dump-counters-7.0.1.json (59 Bytes) dump-counters-7.0.1.json Arne Welzel, 10/12/2023 01:19 PM

Related issues 1 (0 open1 closed)

Blocked by Suricata - Bug #6732: Suricata 7.0.2 parent interface object in stats contains VLAN-ID as keysClosedArne WelzelActions
Actions #1

Updated by Arne Welzel about 1 year ago

Ah, here's the issue to the original report - I forgot to include it in the description:

https://github.com/corelight/suricata_exporter/issues/11

Actions #2

Updated by Jeff Lucovsky 8 months ago

  • Blocked by Bug #6738: dpdk: property configuration can lead to integer overflow (7.0.x backport) added
Actions #3

Updated by Jeff Lucovsky 8 months ago

  • Blocked by Bug #6732: Suricata 7.0.2 parent interface object in stats contains VLAN-ID as keys added
Actions #4

Updated by Jason Ish 8 months ago

  • Blocked by deleted (Bug #6738: dpdk: property configuration can lead to integer overflow (7.0.x backport))
Actions #5

Updated by Jeff Lucovsky 7 months ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Jeff Lucovsky
  • Target version changed from TBD to 8.0.0-beta1
Actions #6

Updated by Jeff Lucovsky 7 months ago

  • Status changed from Assigned to In Review
Actions #7

Updated by Jeff Lucovsky 7 months ago

  • Status changed from In Review to Resolved
Actions #8

Updated by Jeff Lucovsky 6 months ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF