Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/corelight/suricata_exporter

A Prometheus Exporter for Suricata
https://github.com/corelight/suricata_exporter

prometheus prometheus-exporter suricata

Last synced: about 1 month ago
JSON representation

A Prometheus Exporter for Suricata

Host: GitHub
URL: https://github.com/corelight/suricata_exporter
Owner: corelight
License: bsd-3-clause
Created: 2022-02-22T15:03:44.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2024-08-21T09:22:41.000Z (4 months ago)
Last Synced: 2024-08-21T10:47:59.508Z (4 months ago)
Topics: prometheus, prometheus-exporter, suricata
Language: Go
Homepage:
Size: 55.7 KB
Stars: 15
Watchers: 4
Forks: 11
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-suricata - suricata_exporter - Simple Prometheus exporter written in Go exporting stats metrics scraped from Suricata socket. (Operations, Monitoring and Troubleshooting)

README

# Suricata Prometheus Exporter

This is a Prometheus Exporter for Suricata using `dump-counters` via the
[unix socket](https://suricata.readthedocs.io/en/suricata-6.0.0/unix-socket.html#interacting-via-unix-socket)
to query metrics.

## Usage

```bash
$ ./suricata_exporter -h
Usage of ./suricata_exporter:
-suricata.socket-path string
Path to the Suricata Command socket. (default "/var/run/suricata.socket")
-version
Output version information.
-web.listen-address string
Address to listen on (default ":9917")
```

To verify the exporter is working with your Suricata setup, use the
following command to view a subset of the capture metrics.

```bash
$ curl -s localhost:9917/metrics | grep kernel_packets_total
# HELP suricata_capture_kernel_packets_total
# TYPE suricata_capture_kernel_packets_total counter
suricata_capture_kernel_packets_total{thread="W#01-eth1"} 7744
suricata_capture_kernel_packets_total{thread="W#02-eth1"} 8435
suricata_capture_kernel_packets_total{thread="W#03-eth1"} 7564
suricata_capture_kernel_packets_total{thread="W#04-eth1"} 9747
```

You can now configure a [Prometheus server](https://prometheus.io/docs/prometheus/latest/getting_started/)
to scrape the Suricata exporter in regular intervals for later visualization
and analysis.

## Metrics

Currently produces per-thread metrics for `decoder`, `flow`, `flow_bypassed`,
`app_layer` and `tcp`. Metrics for `memuse` are reported globally.

## Compatibility

Developed against Suricata 6.0.4 and af-packet. Most supported metrics are
hard-coded.

Updated for Suricata 7.0.0, but not all new metrics have been added.