author | Toni Uhlig <matzeton@googlemail.com> | 2022-03-06 17:31:26 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2022-03-06 17:38:05 +0100 |
commit | 46f68501d575431656b5254a4bda8acb2982ab77 (patch) | |
tree | 030c68ea408f61de131b93a51b1394648c4a7b85 /schema | |
parent | 9db048c9d93a00adf4b258d2341b24229d2a45a1 (diff) |
Added daemon event: DAEMON_EVENT_STATUS (periodically sends daemon statistics.)
* Improved distributor timeout handling (per-thread).
* flow-info.py / flow-dash.py: Distinguish between flow risk severities.
* nDPId: Skip tag switch datalink packet dissection / processing.
* nDPId: Fixed incorrect value for current active flows.
* Improved JSON schemas.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'schema')
-rw-r--r-- | schema/basic_event_schema.json | 9 | ||||
-rw-r--r-- | schema/daemon_event_schema.json | 68 | ||||
-rw-r--r-- | schema/flow_event_schema.json | 18 | ||||
-rw-r--r-- | schema/packet_event_schema.json | 4 |
4 files changed, 85 insertions, 14 deletions
diff --git a/schema/basic_event_schema.json b/schema/basic_event_schema.json index 1dad5d11b..2a40524d0 100644 --- a/schema/basic_event_schema.json +++ b/schema/basic_event_schema.json @@ -7,7 +7,8 @@ "packet_id", "basic_event_id", "basic_event_name", - "datalink" + "datalink", + "global_ts_msec" ], "if": { @@ -100,7 +101,7 @@ "datalink": { "type": "number", "minimum": 0, - "maximum": 265 + "maximum": 292 }, "layer_type": { @@ -141,6 +142,10 @@ }, "max_idle": { "type": "number" + }, + "global_ts_msec": { + "type": "number", + "minimum": 0 } }, "additionalProperties": false diff --git a/schema/daemon_event_schema.json b/schema/daemon_event_schema.json index 72b0b61a2..fa6a4bdd9 100644 --- a/schema/daemon_event_schema.json +++ b/schema/daemon_event_schema.json @@ -6,19 +6,20 @@ "thread_id", "packet_id", "daemon_event_id", - "daemon_event_name" + "daemon_event_name", + "global_ts_msec" ], "if": { - "properties": { "daemon_event_name": { "const": "init" } } + "properties": { "daemon_event_name": { "enum": [ "init", "reconnect" ] } } }, "then": { "required": [ "max-flows-per-thread", "max-idle-flows-per-thread", "tick-resolution", "reader-thread-count", "flow-scan-interval", "generic-max-idle-time", "icmp-max-idle-time", "udp-max-idle-time", "tcp-max-idle-time", "max-packets-per-flow-to-send", "max-packets-per-flow-to-process" ] }, "if": { - "properties": { "daemon_event_name": { "const": "shutdown" } } + "properties": { "daemon_event_name": { "enum": [ "status", "shutdown" ] } } }, "then": { - "required": [ "total-events-serialized" ] + "required": [ "packets-captured", "packets-processed", "total-skipped-flows", "total-l4-data-len", "total-not-detected-flows", "total-guessed-flows", "total-detected-flows", "total-detection-updates", "total-updates", "current-active-flows", "total-active-flows", "total-idle-flows", "total-events-serialized" ] }, "properties": { "alias": { 
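Review bot: The raised bound `"maximum": 292` on `datalink` (and the identical bump of `flow_datalink` in schema/flow_event_schema.json) is a hand-maintained magic number that has to be changed in two files in lockstep, and nothing in either schema records what it tracks. JSON has no comments, but the schema keyword `"description"` can carry that provenance next to the bound, e.g. `"description": "libpcap DLT_/LINKTYPE_ value of the capture interface; the upper bound is the highest value known to the producer and must be kept in sync with flow_event_schema.json"` — presumably that is what the value represents, so confirm against the producer before wording it. Separately, `datalink` and the newly added `global_ts_msec` are declared `"type": "number"`, which accepts fractional values such as `1.5`; `"type": "integer"` expresses the intent and rejects them.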
@@ -39,7 +40,7 @@ "daemon_event_id": { "type": "number", "minimum": 0, - "maximum": 3 + "maximum": 4 }, "daemon_event_name": { "type": "string", @@ -47,9 +48,11 @@ "invalid", "init", "reconnect", - "shutdown" + "shutdown", + "status" ] }, + "max-flows-per-thread": { "type": "number" }, @@ -83,9 +86,62 @@ "max-packets-per-flow-to-send": { "type": "number" }, + + "packets-captured": { + "type": "number", + "minimum": 0 + }, + "packets-processed": { + "type": "number", + "minimum": 0 + }, + "total-skipped-flows": { + "type": "number", + "minimum": 0 + }, + "total-l4-data-len": { + "type": "number", + "minimum": 0 + }, + "total-not-detected-flows": { + "type": "number", + "minimum": 0 + }, + "total-guessed-flows": { + "type": "number", + "minimum": 0 + }, + "total-detected-flows": { + "type": "number", + "minimum": 0 + }, + "total-detection-updates": { + "type": "number", + "minimum": 0 + }, + "total-updates": { + "type": "number", + "minimum": 0 + }, + "current-active-flows": { + "type": "number", + "minimum": 0 + }, + "total-active-flows": { + "type": "number", + "minimum": 0 + }, + "total-idle-flows": { + "type": "number", + "minimum": 0 + }, "total-events-serialized": { "type": "number", "minimum": 1 + }, + "global_ts_msec": { + "type": "number", + "minimum": 0 } }, "additionalProperties": false diff --git a/schema/flow_event_schema.json b/schema/flow_event_schema.json index 1e2751833..385fcf192 100644 --- a/schema/flow_event_schema.json +++ b/schema/flow_event_schema.json @@ -20,7 +20,7 @@ "l3_proto", "l4_proto", "midstream", - "ts_msec", + "thread_ts_msec", "src_ip", "dst_ip" ], @@ -96,7 +96,7 @@ "flow_datalink": { "type": "number", "minimum": 0, - "maximum": 265 + "maximum": 292 }, "flow_packets_processed": { "type": "number" @@ -158,7 +158,7 @@ "minimum": 0, "maximum": 1 }, - "ts_msec": { + "thread_ts_msec": { "type": "number", "minimum": 0 }, 
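Review bot: The two `"if"`/`"then"` pairs in the hunk at `@@ -6,19 +6,20 @@` are sibling members of the same top-level object (both `"if"` keys sit between `"required"` and `"properties"`), so the schema object now carries duplicate member names; RFC 8259 leaves that behaviour undefined and most parsers keep the last value, which means the `init`/`reconnect` branch this commit extends is silently never applied, while a strict loader (I-JSON) rejects the file outright. Wrapping each pair in its own `allOf` entry keeps both conditions and is valid in every JSON Schema draft that has `if`/`then`. The `required` lists are reproduced unchanged below; only the surrounding structure differs. The same review applies to the counters added at `@@ -83,9 +86,62 @@`: they are all `"type": "number"`, and `"type": "integer"` would reject fractional values for what are evidently packet and flow counts.
```json
"allOf": [
  {
    "if": { "properties": { "daemon_event_name": { "enum": [ "init", "reconnect" ] } } },
    "then": { "required": [ "max-flows-per-thread", "max-idle-flows-per-thread", "tick-resolution", "reader-thread-count", "flow-scan-interval", "generic-max-idle-time", "icmp-max-idle-time", "udp-max-idle-time", "tcp-max-idle-time", "max-packets-per-flow-to-send", "max-packets-per-flow-to-process" ] }
  },
  {
    "if": { "properties": { "daemon_event_name": { "enum": [ "status", "shutdown" ] } } },
    "then": { "required": [ "packets-captured", "packets-processed", "total-skipped-flows", "total-l4-data-len", "total-not-detected-flows", "total-guessed-flows", "total-detected-flows", "total-detection-updates", "total-updates", "current-active-flows", "total-active-flows", "total-idle-flows", "total-events-serialized" ] }
  }
],
```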
@@ -197,7 +197,7 @@ "return": true }, "else": { - "required": [ "category" ] + "required": [ "category", "confidence" ] }, "proto": { @@ -211,6 +211,16 @@ }, "flow_risk": { "type": "object" + }, + "confidence": { + "type": "string", + "enum": [ + "0", + "1", + "2", + "3", + "4" + ] } }, "entropy": { diff --git a/schema/packet_event_schema.json b/schema/packet_event_schema.json index 675c4fb14..d5b85f9e4 100644 --- a/schema/packet_event_schema.json +++ b/schema/packet_event_schema.json @@ -14,7 +14,7 @@ "pkt_l4_offset", "pkt_len", "pkt_l4_len", - "ts_msec" + "thread_ts_msec" ], "dependencies" : { @@ -93,7 +93,7 @@ "minimum": 0, "maximum": 65535 }, - "ts_msec": { + "thread_ts_msec": { "type": "number", "minimum": 0 }, |
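Review bot: The new `confidence` property at `@@ -211,6 +211,16 @@` is a closed enum of the numeric strings `"0"` through `"4"`, which tells a reader nothing about what each level means and will reject any level the producer adds later. If the emitted value is numeric, `"type": "integer", "minimum": 0, "maximum": 4` is the natural encoding; if it must stay a string to match the producer, a `"description"` listing the meaning of each level belongs beside the enum. The commit message says the Python tools now distinguish flow risk severities, yet `flow_risk` in the same hunk remains an unconstrained `"type": "object"`, so the schema does not validate the severity field's shape — worth pinning down once that shape is settled.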