7.2. List of available metrics from version 2.5.3.105

7.2.1. Internal metrics

Name

Unit Dimensions

Comments

netdata.runtime_proc_net_dev

run time ms

Execution time of the script for collecting information on the interfaces

netdata.runtime_xdp_filter

run time ms

Execution time of the script for collecting information on XDP filters

netdata.runtime_disk_usage

run time ms

Execution time of the script for collecting information on disk usage

netdata.runtime_proc_meminfo

run time ms

Execution time of the script for collecting information on memory usage

netdata.runtime_proc_loadavg

run time ms

Execution time of the script for collecting information on the GCap load

netdata.runtime_proc_uptime

run time ms

Execution time of the script for collecting information on the uptime

netdata.runtime_proc_vmstat

run time ms

Execution time of the script for collecting information on the virtual memory

netdata.runtime_proc_stat

run time ms

Execution time of the script for collecting information on CPU usage details

netdata.runtime_high_availability

run time ms

Execution time of the script for collecting information on the high availability

netdata.runtime_sys_block

run time ms

Execution time of the script for collecting information on the I/O disks

netdata.runtime_proc_net_softnet_stat

run time ms

Execution time of the script for collecting information on the network stack

netdata.runtime_suricata

run time ms

Execution time of the script for collecting information on Sigflow

netdata.runtime_codebreaker

run time ms

Execution time of the script for collecting information on Codebreaker

netdata.web_thread[1-6]_cpu

user system ms/s

CPU usage time of netdata threads

netdata.plugin_diskspace_dt

duration ms/run

Execution time of the script for collecting information on disk space

netdata.plugin_diskspace

user system ms/s

CPU usage time of the disk space information collection plugin


7.2.2. Details of Sigflow counters

7.2.2.1. Alerts counter details - Number of Sigflow alerts found

Name

Dimensions

Comments

suricata.alert

Alerts.value

Number of Sigflow alerts found


7.2.2.2. Codebreaker samples counter details - Files analysed by Codebreaker

Name

Dimensions

Comments

codebreaker.shellcode_samples

plain encoded

Shellcodes detected without encoding / Shellcodes detected with encoding

codebreaker.powershell_samples

Powershell.value

Number of malicious Powershell scripts detected


7.2.2.3. Details of the Protocols counters - Lists of protocols seen by Sigflow

The following counters display the number of events observed by Sigflow about each protocol.

Name

Dimensions

Units

Comments

suricata.dhcp

DHCP.value

number

DHCP protocol

suricata.dnp3

DNP3.value

number

DNP3 protocol

suricata.dns

DNS.value

number

DNS protocol

suricata.ftp

FTP.value

number

FTP protocol

suricata.http

HTTP.value

number

HTTP protocol

suricata.http2

HTTP2.value

number

HTTP2 protocol

suricata.ikev2

IKEv2.value

number

IKEv2 protocol

suricata.krb5

krb5.value

number

KRB5 protocol

suricata.mqtt

MQTT.value

number

MQTT protocol

suricata.netflow

NETFLOW.value

number

NETFLOW Protocol

suricata.nfs

NFS.value

number

NFS protocol

suricata.rdp

RDP.value

number

RDP protocol

suricata.rfb

RFB.value

number

RFB protocol

suricata.sip

SIP.value

number

SIP protocol

suricata.smb

SMB.value

number

SMB protocol

suricata.smtp

SMTP.value

number

SMTP protocol

suricata.snmp

SNMP.value

number

SNMP protocol

suricata.ssh

SSH.value

number

SSH protocol

suricata.tftp

TFTP.value

number

TFTP protocol

suricata.tls

TLS.value

number

TLS protocol

suricata.tunnel

tunnel.value

number

tunnel protocol


7.2.2.4. Details of the Detection Engine Stats counters - Statistics of Sigflow (monitoring-engine)

Name

Dimensions

Comments

suricata.Status

alive.value

Status of the Sigflow container and the detection engine (boolean)

suricata.total

total.value

Total number of events observed

suricata.fileinfo

  • extracted

  • sent

  • duplicated

  • Number of files extracted

  • Number of files sent

  • Number of files duplicated

suricata.received_packets

  • ReceivedPackets.value

  • DroppedPackets.value

  • Number of packages captured

  • Number of packets dropped

suricata.rules

  • RulesLoaded.value

  • RulesFailed.value

  • Number of rules loaded and validated

  • Number of rules that could not be loaded

suricata.tcp_sessions

TcpSessions.value

Number of TCP sessions observed by Sigflow

suricata.tcp_pkt_on_wrong_thread

TcpPktOnWrongThread.value

Misrouted packets by Sigflow

suricata.flows

  • FlowTCP.value

  • FlowUDP.value

  • Number of TCP sessions observed

  • Number of UDP sessions observed


7.2.3. Details of GCap statistics counters and health information.

7.2.3.1. Details of quota counters

Name

Dimensions

Commens

quotas.uid.block

  • block.used

  • block.soft_limit

  • block.hard_limit

  • Number of blocks used

  • Software limit

  • Hardware limit

quotas.uid.file

  • file.used

  • file.soft_limit

  • file.hard_limit

  • Number of files used

  • Software limit

  • Hardware limit

quotas.uid.grace

  • grace.block

  • grace.file

  • Grace time for the blocks

  • Grace time for the files


7.2.3.2. Details of cpu_stats counters - CPU statistics

Name

Dimensions

Unit

Comments

proc_stat.interrupts

  • interrupts

  • intr/s

  • Number of interruptions per second

proc_stat.processes

  • running

  • blocked

  • processes

  • Status of the processes

proc_stat.cpu.cpu[0-n]

  • softirq

  • irq

  • user

  • system

  • nice

  • iowait

  • idle

  • percentage

  • Percentage of CPU usage


7.2.3.3. System information

Name

Dimensions

Unit

Comments

sys_block.blocks.<disque>

read
written

bytes

I/O on the disk <disk>

proc_uptime.uptime

uptime.uptime

seconds

System uptime

disk_inodes.<partition>

avail
used
reserved for root

inodes

Use of the partition's inodes <partition>

xdp_filter.dropped_bytes

dropped_bytes

bytes

Volume dropped per XDP

xdp_filter.dropped_packets

dropped_packets

pkts

Packets dropped per XDP

xdp_filter.bypassed_half_flows

bypassed_half_flows

half flows

Number of half flows dropped per XDP


7.2.3.4. Details of high_availability counters - High availability (HA) information

Name

Dimensions

Unit

Comments

high_availability.ha_status

ha.status

boolean

HA enabled (1) or not (0)

high_availability.leader_status

ha.health_status

boolean

Node status (0: slave or not configured / 1: leader)

high_availability.health_status

ha.health_status

boolean

Ability of the node to become a leader (0: no or not configured / 1: OK)

high_availability.last_received_status

ha.last_status

seconds

Duration since change of status


7.2.3.5. Details of interface counters - Statistics on network interfaces

Name

Dimensions

Unit

Comments

proc_net_dev.net.**<iface>**

  • received

  • sent

bytes

Traffic on the interface <iface>

proc_net_dev.net_drops.**<iface>**

  • rx drops

  • tx drops

pkts

Number of packets lost on the interface <iface>

proc_net_dev.net_errors.**<iface>**

  • rx errors

  • tx errors

pkts

Number of packets in error on the interface <iface>

proc_net_dev.net_pkts.**<iface>**

  • received

  • sent

pkts

Number of packets on the interface <iface>


7.2.3.6. Details of loadavg counters - Statistics on the GCap average load

Name

Dimensions

Comments

proc_loadavg.Load_average

  • load.load1

  • load.load5

  • load.load15

  • Average load over the last minute

  • Average load over the last five minutes

  • Average load over the last fifteen minutes

proc_loadavg.Active_processes

active_processes.active

Number of active processes


7.2.3.7. Details of meminfo counters - Statistics on RAM

Name

Dimensions

Comments

suricata.memuse

  • MemUseTCP.value

  • MemUseTCPReassembly

  • MemUseFlow.value

  • MemUseHTTP.value

  • MemUseFTP.value

  • TCP memory

  • TCP reassembly memory

  • Flows memory

  • HTTP memory

  • FTP memory

suricata.memcap

  • MemCapTCPSession.value

  • MemCapTCPSegment.value

  • MemCapFlow.value

  • MemCapHTTP.value

  • MemCapFTP.value

  • TCP session allocation failures

  • TCP segment allocation failures

  • Flow allocation failures

  • HTTP allocation failures

  • FTP allocation failures

proc_meminfo.ram

  • free

  • used

  • cached

  • buffers

  • Unused memory in kilobytes

  • Memory used

  • Memory used by the cache

  • Memory used by operations

proc_meminfo.available

available

Total physical memory in kilobytes

proc_meminfo.swap

  • swap_free

  • swap_used

  • swap_cached

  • swap file available

  • swap file used

  • swap file used for caching

proc_meminfo.kernel

  • kernel.slab

  • kernel.kernel_stack

  • kernel.page_tables

  • kernel.v_malloc_used

  • Memory used by kernel data structures

  • Memory used by kernel stack allocations

  • Memory used for page management

  • Memory used by large memory areas allocated by the kernel

proc_meminfo.hugepages

  • hugepages_free

  • hugepages_used

  • hugepages.surplus

  • hugepages.reserved

  • Number of huge transparent pages available

  • Number of huge transparent pages used

  • Number of extra huge transparent pages

  • Number of huge transparent pages reserved


7.2.3.8. Details of numastat counters - Statistics on NUMA nodes

Name

Dimensions

Unit

Comments

numa_stat

numa_hit

MiB

Memory successfully allocated in this node as expected

numa_stat

MiB

  • Memory allocated in this node despite process preferences

  • Each numa_miss has a numa_foreign in another node

numa_foreign

MiB

Memory intended for this node, but currently allocated in a different node

other_node

MiB

Memory allocated in this node while a process was running in another node

interleave_hit

MiB

Interleaved memory successfully allocated in this node

local_node

MiB

Memory allocated in this node while a process was running on it


7.2.3.9. Details of softnet counters - Statistics on received packets according to processor cores

Name

Dimensions

Unit

Comments

proc_net_softnet_stat.cpu[0-n].packets

  • Processed

  • Dropped

  • Flow limit count

  • Process queue lengths

pkts

Packets processed on the relevant cpu

proc_net_softnet_stat.cpu[0-n].sched

  • Received RPS (IPI schedules)

  • Time squeeze

events

network stack events on the relevant cpu

proc_net_softnet_stat.summed.packets

  • Processed

  • Dropped

  • Flow limit count

  • Input/Process queue lengths

pkts

Packets processed by the network stack


7.2.3.10. Details of virtualmemory counters - Information on swap space

Name

Dimensions

Unit

Comments

proc_vmstat.swapio

  • in

  • out

pkts

I/O swap

proc_vmstat.pagefaults

  • minor

  • major

faults/s

Memory Page Faults /s