Awesome
Suricata Prometheus Exporter
This is a Prometheus Exporter for Suricata using dump-counters
via the
unix socket
to query metrics.
Usage
$ ./suricata_exporter -h
Usage of ./suricata_exporter:
-suricata.socket-path string
Path to the Suricata Command socket. (default "/var/run/suricata.socket")
-version
Output version information.
-web.listen-address string
Address to listen on (default ":9917")
To verify the exporter is working with your Suricata setup, use the following command to view a subset of the capture metrics.
$ curl -s localhost:9917/metrics | grep kernel_packets_total
# HELP suricata_capture_kernel_packets_total
# TYPE suricata_capture_kernel_packets_total counter
suricata_capture_kernel_packets_total{thread="W#01-eth1"} 7744
suricata_capture_kernel_packets_total{thread="W#02-eth1"} 8435
suricata_capture_kernel_packets_total{thread="W#03-eth1"} 7564
suricata_capture_kernel_packets_total{thread="W#04-eth1"} 9747
You can now configure a Prometheus server to scrape the Suricata exporter in regular intervals for later visualization and analysis.
Metrics
Currently produces per-thread metrics for decoder
, flow
, flow_bypassed
,
app_layer
and tcp
. Metrics for memuse
are reported globally.
Compatibility
Developed against Suricata 6.0.4 and af-packet. Most supported metrics are hard-coded.
Updated for Suricata 7.0.0, but not all new metrics have been added.