Metrics

The pcap converter process generates many metrics while processing DNS and ICMP data. Metrics are simple key/value pairs: the key is a unique metric name and the value is a counter value. The metrics can only be sent to a Graphite monitoring server. See Graphite for more information.

Metrics use a naming schema that starts with a configurable prefix, followed by the name server name. Any dots in the name server name are replaced by underscores; otherwise Graphite would assume a tree structure where there is none. The following example shows the dns.request.count metric with the prefix "entrada" and the name server name "ns.dns.nl".

 ENTRADA.ns1_dns_nl.dns.request.count

The dynamic prefix is configured in the ENTRADA-settings.properties config file. The name server name is determined by the pcap filename prefix.
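The naming schema above, as an added Python example (not ENTRADA's own code): it builds the full metric path, formats it as a line of Graphite's plaintext protocol, and splits a path back into name server and metric name. The function names and the replacement of characters other than dots are assumptions of this example.

```python
import re
import time

_UNSAFE = re.compile(r"[^A-Za-z0-9_-]")  # anything outside one safe path component
_METRIC = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*")

def server_component(name_server):
    """Name server name -> one Graphite path component (dots become underscores)."""
    # Assumption of this example: every other character outside [A-Za-z0-9_-]
    # is replaced too, so a name taken from a pcap filename cannot add tree
    # levels or break the space/newline-delimited Graphite line.
    comp = _UNSAFE.sub("_", name_server.strip())
    if not comp:
        raise ValueError("empty name server name")
    return comp

def metric_path(prefix, name_server, metric):
    """<prefix>.<name server>.<metric name>"""
    if not _METRIC.fullmatch(prefix) or not _METRIC.fullmatch(metric):
        raise ValueError("prefix and metric must be dot-separated safe components")
    return f"{prefix}.{server_component(name_server)}.{metric}"

def graphite_line(prefix, name_server, metric, value, ts=None):
    """One line of Graphite's plaintext protocol: '<path> <value> <timestamp>\\n'."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise TypeError("metric value must be a number")
    ts = int(time.time()) if ts is None else int(ts)
    return f"{metric_path(prefix, name_server, metric)} {value} {ts}\n"

def split_path(path, prefix):
    """Full path -> (name server component, metric name)."""
    head = prefix + "."
    if not path.startswith(head):
        raise ValueError("path does not start with the configured prefix")
    server, _, metric = path[len(head):].partition(".")
    if not server or not metric:
        raise ValueError("path has no name server or metric part")
    return server, metric

if __name__ == "__main__":
    # Constructed sample values; the metric names are from the tables on this page.
    for name, value in (("dns.request.count", 1200), ("dns.decode.error.count", 3)):
        print(graphite_line("ENTRADA", "ns1.dns.nl", name, value, ts=1500000000), end="")
```

Because the dots in the name server name are gone, the first component after the prefix is always the name server and everything after it is the metric name.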

DNS

| Metric name | Description |
|---|---|
| `dns.message.count` | count of all request+response packets |
| `dns.request.count` | count of requests |
| `dns.response.count` | count of DNS responses |
| `dns.response.norequest.count` | count of response without request |
| `dns.request.qtype.<qtype>.count` | count of qtype |
| `dns.request.rcode.<rcode>.count` | count of rcode |
| `dns.request.opcode.<opcode>.count` | count of opcode |
| `dns.tcp.session.count` | count of tcp session reuse |
| `dns.domainname.count` | count of distinct domain names |
| `dns.response.bytes.size` | number of bytes for responses |
| `dns.request.bytes.size` | number of bytes for requests |
| `dns.decode.error.count` | count of packet decode error |
| `tcp.packet.count` | count of IP packets with protocol tcp |
| `udp.packet.count` | count of IP packets with protocol udp |
| `udp.request.fragmented.count` | count of fragmented udp requests |
| `udp.response.fragmented.count` | count of fragmented udp responses |
| `tcp.request.fragmented.count` | count of fragmented tcp requests |
| `tcp.response.fragmented.count` | count of fragmented tcp responses |
| `ip.version.4.count` | count of IPv4 packets |
| `ip.version.6.count` | count of IPv6 packets |
| `ip.count` | count of distinct IP addresses |
| `country.count` | count of distinct countries |
| `asn.count` | count of distinct ASNs |
| `time.duration` | seconds of processing time |
| `run.error.count` | count of application crashes |
| `tcp.prefix.error.count` | count of broken tcp sessions |
| `state.persist.udp.flow.count` | count of the udp flows persisted in-between processing runs |
| `state.persist.tcp.flow.count` | count of the tcp flows persisted in-between processing runs |
| `state.persist.dns.count` | count of the DNS messages persisted in-between processing runs |

ICMP

| Metric name | Description |
|---|---|
| `icmp.packet.count` | count of packets |
| `icmp.v4` | count of packets using IPv4 |
| `icmp.v6` | count of packets using IPv6 |
| `icmp.v4.prefix.type.<type>.count` | count per IPv4 ICMP type |
| `icmp.v6.prefix.type.<type>.count` | count per IPv6 ICMP type |
| `icmp.error` | count of ICMP error messages |
| `icmp.info` | count of ICMP informational messages |