10.1. List of available metrics from version 2.5.3.105

10.1.1. Internal metrics

Name

Unit Dimensions

Comments

netdata.runtime_proc_net_dev

run time ms

Execution time of the script for collecting information on the interfaces

netdata.runtime_xdp_filter

run time ms

Execution time of the script for collecting information on XDP filters

netdata.runtime_disk_usage

run time ms

Execution time of the script for collecting information on disk usage

netdata.runtime_proc_meminfo

run time ms

Execution time of the script for collecting information on memory usage

netdata.runtime_proc_loadavg

run time ms

Execution time of the script for collecting information on the GCap load

netdata.runtime_proc_uptime

run time ms

Execution time of the script for collecting information on the uptime

netdata.runtime_proc_vmstat

run time ms

Execution time of the script for collecting information on the virtual memory

netdata.runtime_proc_stat

run time ms

Execution time of the script for collecting information on CPU usage details

netdata.runtime_high_availability

run time ms

Execution time of the script for collecting information on the high availability

netdata.runtime_sys_block

run time ms

Execution time of the script for collecting information on the I/O disks

netdata.runtime_proc_net_softnet_stat

run time ms

Execution time of the script for collecting information on the network stack

netdata.runtime_suricata

run time ms

Execution time of the script for collecting information on Sigflow

netdata.runtime_codebreaker

run time ms

Execution time of the script for collecting information on Codebreaker

netdata.web_thread[1-6]_cpu

user system ms/s

CPU usage time of netdata threads

netdata.plugin_diskspace_dt

duration ms/run

Execution time of the script for collecting information on disk space

netdata.plugin_diskspace

user system ms/s

CPU usage time of the disk space information collection plugin

10.1.2. Details of Sigflow counters

10.1.2.1. Details of Counter Alerts - Number of Sigflow alerts found

Name

Dimensions

Comments

suricata.alert

Alerts.value

Number of Sigflow alerts found

10.1.2.2. Details of Codebreaker samples counters - Files analysed by Codebreaker

Name

Dimensions

Comments

codebreaker.shellcode_samples

plain encoded

Shellcodes detected without encoding / Shellcodes detected with encoding

codebreaker.powershell_samples

Powershell.value

Number of malicious Powershell scripts detected

10.1.2.3. Details of the Protocols counters - Lists of protocols seen by Sigflow

The following counters display the number of events observed by Sigflow about each protocol.

Name

Dimensions

Unit

Comments

suricata.dhcp

DHCP.value

number

protocole DHCP

suricata.dnp3

DNP3.value

number

DNP3 protocol

suricata.dns

DNS.value

number

DNS protocol

suricata.ftp

FTP.value

number

FTP protocol

suricata.http

HTTP.value

number

HTTP protocol

suricata.http2

HTTP2.value

number

HTTP2 protocol

suricata.ikev2

IKEv2.value

number

IKEv2 protocol

suricata.krb5

krb5.value

number

KRB5 protocol

suricata.mqtt

MQTT.value

number

MQTT protocol

suricata.netflow

NETFLOW.value

number

NETFLOW Protocol

suricata.nfs

NFS.value

number

NFS protocol

suricata.rdp

RDP.value

number

RDP protocol

suricata.rfb

RFB.value

number

RFB protocol

suricata.sip

SIP.value

number

SIP protocol

suricata.smb

SMB.value

number

SMB protocol

suricata.smtp

SMTP.value

number

SMTP protoco

suricata.snmp

SNMP.value

number

SNMP protocol

suricata.ssh

SSH.value

number

SSH protocol

suricata.tftp

TFTP.value

number

TFTP protocol

suricata.tls

TLS.value

number

TLS protocol

suricata.tunnel

tunnel.value

number

tunnel protocol

10.1.2.4. Details of the Detection Engine Stats counters - Statistics of Sigflow (monitoring-engine)

Name

Dimensions

Comments

suricata.Status

alive.value

Status of the Sigflow container and the detection engine (boolean)

suricata.total

total.value

Total number of events observed

suricata.fileinfo

extracted

sent

duplicated

Number of files extracted

Number of files sent

Number of files duplicated

suricata.received_packets

ReceivedPackets.value

DroppedPackets.value

Number of packages captured

Number of packets dropped

suricata.rules

RulesLoaded.value

RulesFailed.value

Number of rules loaded and validated

Number of rules that could not be loaded

suricata.tcp_sessions

TcpSessions.value

Number of TCP sessions observed by Sigflow

suricata.tcp_pkt_on_wrong_thread

TcpPktOnWrongThread.value

Misrouted packets par Sigflow

suricata.flows

FlowTCP.value

FlowUDP.value

Number of TCP sessions observed

Number of UDP sessions observed

10.1.3. Details of GCap statistics counters and health information.

10.1.3.1. Details of quota counters

Name

Dimensions

Comments

quotas.uid.block

block.used

block.soft_limit

block.hard_limit

Number of blocks used

Software limit

Hardware limit

quotas.uid.file

file.used

file.soft_limit

file.hard_limit

Number of files used

Software limit

Hardware limit

quotas.uid.grace

grace.block

grace.file

Grace time for the blocks

Grace time for the files

10.1.3.2. Details of cpu_stats counters - CPU statistics

Name

Dimensions

Unit

Comments

proc_stat.interrupts

interrupts

intr/s

Number of interruptions per second

proc_stat.processes

- running

blocked

processes

Status of the processes

proc_stat.cpu.cpu(0n)

- softirq

irq

- user

- system

- nice

iowait

- idle

percentage

Percentage of CPU usage

10.1.3.3. System information

Name

Dimensions

Unit

Comments

sys_block.blocks.<disque>

read

written

bytes

I/O on the disk <disque>

proc_uptime.uptime

uptime.uptime

seconds

System uptime

disk_inodes.<partition>

avail

used

reserved for root

inodes

Use of the partition's inodes <partition>

xdp_filter.dropped_bytes

dropped_bytes

bytes

Volume dropped per XDP

xdp_filter.dropped_packets

dropped_packets

pkts

Packets dropped per XDP

xdp_filter.bypassed_half_flows

bypassed_half_flows

half flows

Number of half flows dropped per XDP

10.1.3.4. Details of high_availability counters - High availability (HA) information

Name

Dimensions

Unit

Comments

high_availability.ha_status

ha.status

boolean

HA enabled (1) or not (0)

(1) ou non (0)

high_availability.leader_status

ha.health_status

boolean

Node status

(0: slave or not configured / 1: leader)

high_availability.health_status

ha.health_status

boolean

Ability of the node to become a leader

(0: no or not configured / 1: OK)

high_availability.last_received_status

ha.last_status

seconds

Duration since change of status

10.1.3.5. Details of interface counters - Statistics on network interfaces

Name

Dimensions

Unit

Comments

proc_net_dev.net.**<iface>**

received

sent

bytes

Traffic on the interface <iface>

proc_net_dev.net_drops.**<iface>**

rx drops

tx drops

pkts

Number of packets lost on the interface <iface>

proc_net_dev.net_errors.**<iface>**

rx errors

tx errors

pkts

Number of packets in error on the interface <iface>

proc_net_dev.net_pkts.**<iface>**

received

sent

pkts

Number of packets on the interface <iface>

10.1.3.6. Details of meminfo counters - Statistics on RAM

Name

Dimensions

Comments

suricata.memuse

MemUseTCP.value

MemUseTCPReassembly

MemUseFlow.value

MemUseHTTP.value

MemUseFTP.value

TCP memory

TCP reassembly memory

Flows memory

HTTP memory

FTP memory

suricata.memcap

MemCapTCPSession.value

MemCapTCPSegment.value

MemCapFlow.value

MemCapHTTP.value

MemCapFTP.value

TCP session allocation failures

TCP segment allocation failures

Flow allocation failures

HTTP allocation failures

FTP allocation failures

proc_meminfo.ram

free

used

cached

buffers

Unused memory in kilo-Bytes

Memory used

Memory used by the cache

Memory used by operations

proc_meminfo.available

available

Total physical memory in kilo-Bytes

proc_meminfo.swap

swap_free

swap_used

swap_cached

swap file available

swap file used

swap file used for caching

proc_meminfo.kernel

kernel.slab

kernel.kernel_stack

kernel.page_tables

kernel.v_malloc_used

Memory used by kernel data structures

Memory used by kernel stack allocations

Memory used for page management

Memory used by large memory areas allocated by the kernel

proc_meminfo.hugepages

hugepages_free

hugepages_used

hugepages.surplus

hugepages.reserved

Number of huge transparent pages available

Number of huge transparent pages used

Number of extra huge transparent pages

Number of huge transparent pages reserved

10.1.3.7. Details of numastat counters - Statistics on NUMA nodes

Name

Dimensions

Unit

Comments

numa_stat

numa_hit

MiB

Memory successfully allocated in this node as expected

numa_stat

MiB

Memory allocated in this node despite process preferences

Each numa_miss has a numa_foreign in another node

numa_foreign

MiB

Memory intended for this node, but currently allocated in a different node

other_node

MiB

Memory allocated in this node while a process was running in another node

interleave_hit

MiB

Interleaved memory successfully allocated in this node

local_node

MiB

Memory allocated in this node while a process was running on it

10.1.3.8. Details of softnet counters - Statistics on received packets according to processor cores

Name

Dimensions

Unit

Comments

proc_net_softnet_stat.cpu[0-n].packets

Processed

Dropped

Flow limit count

Process queue lengths

pkts

Packets processed on the relevant cpu

proc_net_softnet_stat.cpu[0n].sched

Received RPS (IPI schedules)

Time squeeze

events

network stack events on the relevant cpu

proc_net_softnet_stat.summed.packets

Processed

Dropped

Flow limit count

Input/Process queue lengths

pkts

Packets processed by the network stack

10.1.3.9. Details of `virtualmemory` counters - Swap space information (swap)

Name

Dimensions

Unit

Comments

proc_vmstat.swapio

in

out

pkts

I/O swap

proc_vmstat.pagefaults

minor

major

faults/s

Memory Page Faults /s