From f073493c3d11a4d743f0ee1c3f4b423c51f60e29 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Sun, 11 May 2025 20:07:41 +0200 Subject: metrics: Add human-meaningful log_name label Use log metadata description if available, otherwise fall back on log URL without the https:// suffix. Keeping log_id for now at least - seems useful for scripts. --- docs/metrics.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'docs/metrics.md') diff --git a/docs/metrics.md b/docs/metrics.md index aac873e..627776a 100644 --- a/docs/metrics.md +++ b/docs/metrics.md @@ -27,31 +27,37 @@ Do not use for alerting, this metric is too noisy and currently used for debug. ``` # HELP silentct_log_index The next log entry to be downloaded. # TYPE silentct_log_index gauge -silentct_log_index{log_id="4e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df"} 7.30980064e+08 +silentct_log_index{log_id="4e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df",log_name="Google 'Argon2025h1'} 7.30980064e+08 ``` `log_id` is a unique log identifier in hex, computed as in RFC 6962 §3.2. +`log_name` is a human-meaningful name of the log. + ## `"silentct_log_size"` ``` # HELP silentct_log_size The number of entries in the log. # TYPE silentct_log_size gauge -silentct_log_size{log_id="4e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df"} 7.31044085e+08 +silentct_log_size{log_id="4e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df",log_name="Google 'Argon2025h1'} 7.31044085e+08 ``` `log_id` is a unique log identifier in hex, computed as in RFC 6962 §3.2. +`log_name` is a human-meaningful name of the log. + ## `"silentct_log_timestamp"` ``` # HELP silentct_log_timestamp The log's UNIX timestamp in ms. # TYPE silentct_log_timestamp gauge -silentct_log_timestamp{log_id="4e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df"} 1.737202578179e+12 +silentct_log_timestamp{log_id="4e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df",log_name="Google 'Argon2025h1'} 1.737202578179e+12 ``` `log_id` is a unique log identifier in hex, computed as in RFC 6962 §3.2. +`log_name` is a human-meaningful name of the log. + ## `"silentct_need_restart"` ``` @@ -68,7 +74,7 @@ implementation can assure that all corner-cases are handled without restarts. ``` # HELP silentct_unexpected_certificate_count Number of certificates without any allowlisting # TYPE silentct_unexpected_certificate_count gauge -silentct_unexpected_certificate_count{crt_sans="example.org www.example.org",log_id="4e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df",log_index="1234"} 1 +silentct_unexpected_certificate_count{crt_sans="example.org www.example.org",log_id="4e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df",log_index="1234",log_name="Google 'Argon2025h1'} 1 ``` `crt_sans` are the subject alternative names in the unexpected certificate, @@ -78,6 +84,8 @@ space separated. `log_index` specifies the log entry that contains the unexpected certificate. +`log_name` is a human-meaningful name of the log. + See `STATE_DIRECTORY/crt_found/-.*` for further details. The `.json` file contains the downloaded log entry. The `.ascii` file contains the parsed leaf certificate in a human-readable format to make debugging easier. -- cgit v1.2.3