valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
d74fa4033f
osquery-1/osquery/numeric_monitoring/numeric_monitoring.cpp

116 lines
3.3 KiB
C++
Raw Normal View History

Numeric monitoring system concept (#4626) Just an interface and simple implementation dumping points to file on disk. And I add also few monitoring records to some places of osquery code as an example. Brief Just an interface and simple implementation dumping points to file on disk. And I add also few monitoring records to some places of osquery code as an example. Motivation osquery can monitor system health. But at some point we need to monitor the condition of osquery itself. Vast majority of interesting parameters can be represented by numbers. How many queries it runs, how long does each query takes, what is the performance hit of each query, how long was last downtime and so on and so far. For obviou s reason it hard to measure most of this parameters by external instrument. And it is almost impossible to evaluate it on production. But we can do it from inside of osquery. What this PR is for The systems like graphite or RRDtool can store and plot time-series data for us. We just have to be able to feed data to it. We can create different plugins to be able to send data to different instruments. And we need some proper internal interface to all potential plugins. This PR is attempt to create generic interface. Interface description The most systems accept data as sequences of 2-dimensional points. One of the dimensions is value, the other is time. Each particular sequence has unique key, to be distinguished from the others. Data descriptions for carbon. I have used this three parameters as an attributes of one monitoring point. To send one point from some particular place in the code you just need to call the function record from namespace monitoring declared in the file include/osquery/num eric_monitoring.h with 3 arguments (path, value, time). Where path is the unique key of sequence; value is some interesting value to watch; time is the time of the point (can be omitted, current system time is the default vaule).
2018-07-09 12:19:50 +00:00
/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under both the Apache 2.0 license (found in the
* LICENSE file in the root directory of this source tree) and the GPLv2 (found
* in the COPYING file in the root directory of this source tree).
* You may select, at your option, one of the above-listed licenses.
*/
#include <unordered_map>
#include <boost/format.hpp>
#include <osquery/flags.h>
#include <osquery/logger.h>
#include <osquery/numeric_monitoring.h>
#include <osquery/numeric_monitoring/plugin_interface.h>
#include <osquery/registry_factory.h>
namespace osquery {
FLAG(bool,
enable_numeric_monitoring,
false,
"Enable numeric monitoring system");
FLAG(string,
numeric_monitoring_plugins,
"filesystem",
"Coma separated numeric monitoring plugins names");
namespace {
using monitoring::PreAggregationType;
template <typename KeyType, typename ValueType>
inline auto reverseMap(const std::unordered_map<KeyType, ValueType>& straight) {
auto reversed = std::unordered_map<ValueType, KeyType>{};
for (const auto& item : straight) {
reversed.emplace(item.second, item.first);
}
return reversed;
}
const auto& getAggregationTypeToStringTable() {
const auto static table = std::unordered_map<PreAggregationType, std::string>{
{PreAggregationType::None, "none"},
{PreAggregationType::Sum, "sum"},
{PreAggregationType::Min, "min"},
{PreAggregationType::Max, "max"},
};
return table;
}
const auto& getStringToAggregationTypeTable() {
const auto static table = reverseMap(getAggregationTypeToStringTable());
return table;
}
} // namespace
template <>
std::string to<std::string>(const monitoring::PreAggregationType& from) {
auto it = getAggregationTypeToStringTable().find(from);
if (it == getAggregationTypeToStringTable().end()) {
LOG(ERROR) << "Unknown PreAggregationType "
<< static_cast<std::underlying_type<PreAggregationType>::type>(
from)
<< " could not be converted to the string";
return "";
}
return it->second;
}
template <>
Expected<monitoring::PreAggregationType, ConversionError>
tryTo<monitoring::PreAggregationType>(const std::string& from) {
auto it = getStringToAggregationTypeTable().find(from);
if (it == getStringToAggregationTypeTable().end()) {
return createError(
ConversionError::InvalidArgument,
boost::str(
boost::format(
"Wrong string representation of `PreAggregationType`: \"%s\"") %
from));
}
return it->second;
}
namespace monitoring {
void record(const std::string& path,
ValueType value,
PreAggregationType pre_aggregation,
TimePoint time_point) {
if (!FLAGS_enable_numeric_monitoring) {
return;
}
auto status = Registry::call(
registryName(),
FLAGS_numeric_monitoring_plugins,
{
{recordKeys().path, path},
{recordKeys().value, std::to_string(value)},
{recordKeys().timestamp,
std::to_string(time_point.time_since_epoch().count())},
{recordKeys().pre_aggregation, to<std::string>(pre_aggregation)},
});
if (!status.ok()) {
LOG(ERROR) << "Failed to send numeric monitoring record: " << status.what();
}
}
} // namespace monitoring
} // namespace osquery
Reference in New Issue Copy Permalink