{"id":19756619,"url":"https://github.com/esnet/zeek-exporter","last_synced_at":"2025-10-12T06:27:01.046Z","repository":{"id":46290317,"uuid":"209656819","full_name":"esnet/zeek-exporter","owner":"esnet","description":"Prometheus Exporter for Zeek","archived":false,"fork":false,"pushed_at":"2025-08-12T21:13:31.000Z","size":9693,"stargazers_count":20,"open_issues_count":2,"forks_count":5,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-08-12T22:28:51.640Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/esnet.png","metadata":{"files":{"readme":"README","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-09-19T22:09:02.000Z","updated_at":"2025-08-12T21:13:35.000Z","dependencies_parsed_at":"2025-08-12T22:18:51.837Z","dependency_job_id":"72a877e5-9367-4759-b4ca-26d4229f444c","html_url":"https://github.com/esnet/zeek-exporter","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/esnet/zeek-exporter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/esnet%2Fzeek-exporter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/esnet%2Fzeek-exporter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/esnet%2Fzeek-exporter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/esnet%2Fzeek-exporter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/esnet","download_url":"https:/
/codeload.github.com/esnet/zeek-exporter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/esnet%2Fzeek-exporter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279010483,"owners_count":26084757,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T03:16:26.525Z","updated_at":"2025-10-12T06:27:01.032Z","avatar_url":"https://github.com/esnet.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Zeek Prometheus Exporter\n\n![Overview Screenshot](./imgs/overview.png \"Dashboard Overview\")\n\nThis is a Zeek plugin which will track performance and health metrics in real-time, and run a web server which can\nbe scraped with [Prometheus](https://prometheus.io/).\n\n# Overview\n\n## Installation\n\n### Install the Package\n\n`$ zkg install zeek-exporter`\n\n### Configure Binds and Scraping\n\nThe scripts will assign each node a unique port. By default, it will bind to all addresses (0.0.0.0).\n\nA Prometheus scrape target example for file discovery is available in [prometheus/target.yml](./prometheus/target.yml).\n\nThe easiest way to get the list of ports is via `zeekctl`:\n\n```\n$ zeekctl print Exporter::bind_port\nzeek-logger   Exporter::bind_port = 9101/tcp\nzeek-manager   Exporter::bind_port = 9102/tcp\nzeek-proxy   Exporter::bind_port = 9103/tcp\nzeek-worker-1   Exporter::bind_port = 9104/tcp\nzeek-worker-2   Exporter::bind_port = 9105/tcp\nzeek-worker-3   Exporter::bind_port = 9106/tcp\nzeek-worker-4   Exporter::bind_port = 9107/tcp\n```\n\nScrapes can occur as often as you need, and you can track how long scrapes take in the `exposer_request_latencies` metric.\nOur scrapes take about 0.2 seconds, and we scrape every 10 seconds, to detect some micro-bursts.\n\nThe cost of frequent scrapes is disk space on the Prometheus system, and increased memory/computation when generating the graphs.\n\nA Grafana dashboard is included in [prometheus/dashboard.json](./prometheus/dashboard.json).\n\n## How It Works\n\nTo get the necessary visibility, each node in a Zeek cluster will run this plugin and a Prometheus exporter.\n\nMetrics are tracked individually for each node.\n\nThe plugin uses some of 
the available hooks to inspect function calls, log writes, and even its own and other plugins' hooks.\n\n## What It Can Measure\n\nThe following are instrumented at a high granularity:\n\n* Scripts\n* Built In Functions (BIFs)\n* Plugins implemented via hooks\n\n## What It Can't Measure\n\nWhile we have total CPU run-time, we don't have fine-grained visibility into:\n\n* The core I/O loop\n* Protocol and file analyzers\n\n## What Impact Will This Have?\n\nDon't know, but you can measure it!\n\nOn ESnet systems, the impact ranges from 0.05% to 15%. Workers are impacted most heavily, and the impact is determined by\nthe volume of event and function calls. The function call hook is the most expensive, adding about 2 microseconds to every\nfunction call. However, on a very busy system, with \u003e 100k calls/second, this will add up to 200ms each second.\n\n# Advanced\n\n## Argument Labels\n\nFor increased visibility into some functions, simply having the function name isn't enough. For instance, for SumStats,\nwe'd like to be able to measure the cost of each SumStat (`detect-sqli-victims` versus `detect-ssh-bruteforcing`). To do this,\nwe augment the metrics with additional labels for Prometheus.\n\nThere's a Zeek option available, `Exporter::addl_functions`, which allows you to define which events and functions to add labels for.\n\nThere are two labels available, `arg` and `addl`.\nThis supports cases such as the `unknown_protocol` weird, where the `addl` value tells you which protocol was unknown.\n\nFor more information, see the [Zeek script documentation](./doc/html/index.html).\n\n## Detailed Metrics Information\n\n### Wall-Clock and CPU Time\n\n\u003cimg src=\"./imgs/wallclock.png\" width=600 /\u003e\n\n* `zeek_start_time_seconds` The epoch timestamp of when the process was started. Used to detect periodic crashes.\n\n* `zeek_total_cpu_time_seconds`\n   The total amount of CPU time spent in this process. 
This uses the standard library `clock()` function call, which returns\n   an approximation. This can give an idea of how much \"headroom\" there is before more resources are needed.\n   \n   _Note_: The logger node runs multiple threads, which will result in an inaccurate count in most cases, as they get scheduled on different CPUs and execute in parallel.\n\n### Number of Invocations\n\n\u003cimg src=\"./imgs/invocations.png\" width=600 /\u003e\n\n* `zeek_function_calls_total` The number of times Zeek functions were called, by function and parent function. This can be used to identify the most common execution path in scripts.\n\n* `zeek_hooks_total` The number of times Zeek plugin hooks were called. This can be used to identify the most common execution paths in plugins.\n\n* `zeek_log_writes_total` The number of log writes per log, writer and filter. This is mainly used to understand the network traffic profile.\n\n### Function and Plugin Hook Durations, by Type\n\n* `zeek_cpu_time_per_function_type_seconds` The amount of time spent in Zeek functions, by type.\n    Types are Built In Functions (BIFs), and the three script-land function types: events, hooks, and functions.\n    Note that script hooks are different from plugin hooks.\n     \n* `zeek_hook_cpu_time_seconds` The amount of time spent in Zeek plugin hooks, by hook name.\n \n### Function Durations, by Function and Parent Function\n\n\u003cimg src=\"./imgs/func_times.png\" width=600 /\u003e\n\nThere are two very similar metrics, one which includes execution time in child functions, and one which doesn't.\n\n* `zeek_cpu_time_per_function_seconds` The amount of time spent in Zeek functions, by function and parent function. \n    Note that this includes the time any child functions take to execute, and as such will count those \n    executions multiple times when summed.\n\n* `zeek_absolute_cpu_time_per_function_seconds` The \"absolute\" amount of time spent in Zeek functions. 
These\n    metrics *do not* include the time spent in child functions, and thus will give valid data when summed.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fesnet%2Fzeek-exporter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fesnet%2Fzeek-exporter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fesnet%2Fzeek-exporter/lists"}