stats

package
v1.2.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 22, 2026 License: MPL-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Cache 

type Cache struct {
	// contains filtered or unexported fields
}

Cache holds in-memory SID statistics Implements bounded memory via caps on SIDs and sources per SID. Protects against CWE-400 (Uncontrolled Resource Consumption).

func NewCache 

func NewCache() (*Cache, error)

NewCache creates a new statistics cache with bounded memory

func (*Cache) Clear 

func (c *Cache) Clear()

Clear removes all statistics

func (*Cache) GetAllStats 

func (c *Cache) GetAllStats() []*SIDStats

GetAllStats returns all SID statistics

func (*Cache) GetRecentSIDs 

func (c *Cache) GetRecentSIDs(duration time.Duration) []*SIDStats

GetRecentSIDs returns SIDs triggered in the last duration

func (*Cache) GetSIDStats 

func (c *Cache) GetSIDStats(sid string) (*SIDStats, bool)

GetSIDStats returns statistics for a specific SID

func (*Cache) GetSize 

func (c *Cache) GetSize() int

GetSize returns the number of tracked SIDs

func (*Cache) GetStats added in v1.0.28 

func (c *Cache) GetStats() map[string]int

GetStats returns memory usage statistics for monitoring

func (*Cache) GetTopSIDs 

func (c *Cache) GetTopSIDs(n int) []*SIDStats

GetTopSIDs returns top N SIDs by trigger count

func (*Cache) GetTotalTriggers 

func (c *Cache) GetTotalTriggers() int

GetTotalTriggers returns total trigger count across all SIDs

func (*Cache) GetUniqueSIDs 

func (c *Cache) GetUniqueSIDs() int

GetUniqueSIDs returns the number of unique SIDs

func (*Cache) GetUniqueSources 

func (c *Cache) GetUniqueSources() int

GetUniqueSources returns total unique source IPs across all SIDs

func (*Cache) Load 

func (c *Cache) Load() error

Load reads cache snapshot from disk

func (*Cache) RecordTrigger 

func (c *Cache) RecordTrigger(sid, category, signature, sourceIP string, timestamp time.Time)

RecordTrigger records a SID trigger event

func (*Cache) Save 

func (c *Cache) Save() error

Save writes cache snapshot to disk

func (*Cache) StartAutoSave 

func (c *Cache) StartAutoSave(interval time.Duration)

StartAutoSave starts periodic snapshot saving

type Collector 

type Collector struct {
	// contains filtered or unexported fields
}

Collector manages eve.json parsing and statistics collection

func NewCollector 

func NewCollector(cache *Cache) (*Collector, error)

NewCollector creates a new statistics collector

func (*Collector) GetStats 

func (c *Collector) GetStats() map[string]interface{}

GetStats returns current statistics summary

func (*Collector) ProcessHistorical 

func (c *Collector) ProcessHistorical(maxLines int) error

ProcessHistorical processes existing eve.json for historical data

func (*Collector) Start 

func (c *Collector) Start() error

Start begins collecting statistics from eve.json

func (*Collector) Stop 

func (c *Collector) Stop()

Stop stops the collector

type EveAlert 

type EveAlert struct {
	Timestamp string `json:"timestamp"`
	EventType string `json:"event_type"`
	SrcIP     string `json:"src_ip"`
	DestIP    string `json:"dest_ip"`
	Alert     struct {
		Signature   string `json:"signature"`
		SignatureID int    `json:"signature_id"`
		Category    string `json:"category"`
		Severity    int    `json:"severity"`
	} `json:"alert"`
}

EveAlert represents a Suricata alert from eve.json

type Metrics 

type Metrics struct {
	// SID trigger counters
	SIDTriggers *prometheus.CounterVec

	// SID last trigger timestamp
	SIDLastTrigger *prometheus.GaugeVec

	// Unique source IPs per SID
	SIDUniqueSources *prometheus.GaugeVec

	// User actions (enabled/disabled)
	SIDUserEnabled  *prometheus.GaugeVec
	SIDUserDisabled *prometheus.GaugeVec

	// Category aggregates
	CategoryTriggers *prometheus.CounterVec

	// Alert severity
	AlertSeverity *prometheus.CounterVec

	// Performance metrics
	ProcessingLatency prometheus.Histogram
	EventsProcessed   prometheus.Counter
	ParseErrors       prometheus.Counter

	// Service-level metrics (for web UI alignment)
	ServiceRunning   prometheus.Gauge
	RulesTotal       prometheus.Gauge
	RulesEnabled     prometheus.Gauge
	AlertsLast24h    prometheus.Gauge
	DropRate         prometheus.Gauge
	MemoryUsageBytes prometheus.Gauge
	UptimeSeconds    prometheus.Gauge
}

Metrics holds all Suricata-related Prometheus metrics

func GetMetrics 

func GetMetrics() *Metrics

GetMetrics returns the singleton metrics instance

func InitMetrics 

func InitMetrics() *Metrics

InitMetrics initializes Prometheus metrics (singleton)

func (*Metrics) ClearUserDisabled 

func (m *Metrics) ClearUserDisabled(sid string)

ClearUserDisabled clears user-disabled flag for a SID

func (*Metrics) ClearUserEnabled 

func (m *Metrics) ClearUserEnabled(sid, mode string)

ClearUserEnabled clears user-enabled flag for a SID

func (*Metrics) RecordParseError 

func (m *Metrics) RecordParseError()

RecordParseError increments parse error counter

func (*Metrics) RecordSeverity 

func (m *Metrics) RecordSeverity(severity string)

RecordSeverity records alert severity

func (*Metrics) RecordTrigger 

func (m *Metrics) RecordTrigger(sid, category, signature string, timestamp float64, sourceIP string)

RecordTrigger records a SID trigger event

func (*Metrics) SetAlertsLast24h added in v1.2.3 

func (m *Metrics) SetAlertsLast24h(count int)

SetAlertsLast24h sets alerts count for last 24 hours

func (*Metrics) SetDropRate added in v1.2.3 

func (m *Metrics) SetDropRate(rate float64)

SetDropRate sets packet drop rate

func (*Metrics) SetMemoryUsage added in v1.2.3 

func (m *Metrics) SetMemoryUsage(bytes int64)

SetMemoryUsage sets memory usage in bytes

func (*Metrics) SetRulesCount added in v1.2.3 

func (m *Metrics) SetRulesCount(total, enabled int)

SetRulesCount sets total and enabled rules count

func (*Metrics) SetServiceRunning added in v1.2.3 

func (m *Metrics) SetServiceRunning(running bool)

SetServiceRunning sets Suricata service running status

func (*Metrics) SetUptime added in v1.2.3 

func (m *Metrics) SetUptime(seconds float64)

SetUptime sets service uptime in seconds

func (*Metrics) SetUserDisabled 

func (m *Metrics) SetUserDisabled(sid string)

SetUserDisabled sets user-disabled flag for a SID

func (*Metrics) SetUserEnabled 

func (m *Metrics) SetUserEnabled(sid, mode string)

SetUserEnabled sets user-enabled flag for a SID

type SIDStats 

type SIDStats struct {
	SID           string          `json:"sid"`
	Category      string          `json:"category"`
	Signature     string          `json:"signature"`
	TriggerCount  int             `json:"trigger_count"`
	LastTrigger   time.Time       `json:"last_trigger"`
	FirstTrigger  time.Time       `json:"first_trigger"`
	UniqueSources map[string]bool `json:"-"` // Not serialized (capped in memory)
	SourceCount   int             `json:"source_count"`
	SourceIPs     []string        `json:"source_ips,omitempty"` // Top 10 for display
}

SIDStats holds statistics for a single SID

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.