blob: 6fa12c19cb37464a38f068c44a4905caf15f5118 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
# Metrics
The `silentct-mon` program emits Prometheus metrics -- enable using the `-m`
option. For a *bash example* of how to create appropriate alerts from these
Prometheus metrics, see [scripts/silentct-check](../scripts/silentct-check).
## `"silentct_log_size"`
```
# HELP silentct_log_size The number of entries in the log.
# TYPE silentct_log_size gauge
silentct_log_size{id="TnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8="} 6.07308178e+08
```
`id` is a unique log identifier in base64 (computed as in RFC 6962, §3.2).
## `"silentct_log_index"`
```
# HELP silentct_log_index The next log entry to be downloaded.
# TYPE silentct_log_index gauge
silentct_log_index{id="TnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8="} 6.07307424e+08
```
`id` is a unique log identifier in base64 (computed as in RFC 6962, §3.2).
## `"silentct_log_timestamp"`
```
# HELP silentct_log_timestamp The log's UNIX timestamp in ms.
# TYPE silentct_log_timestamp gauge
silentct_log_timestamp{id="TnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8="} 1.735992491111e+12
```
`id` is a unique log identifier in base64 (computed as in RFC 6962, §3.2).
## `"silentct_certificate_alert"`
```
# HELP silentct_certificate_alert The time the certificate without allowlisting was found.
# TYPE silentct_certificate_alert gauge
silentct_certificate_alert{stored_at="/path/to/state/crt_found/<log-hex-id>-<log-index>.json"} 1.735992551e+09
```
`stored_at` is where the log entry is stored on the monitor's local file system.
For convenience, the parsed log-entry certificate is also available as `.der`.
## `"silentct_error_counter"`
```
# HELP silentct_error_counter The number of errors propagated to the main loop.
# TYPE silentct_error_counter counter
silentct_error_counter 0
```
Do not use for alerting, this metric is too noisy and currently used for debug.
## `"silentct_need_restart"`
```
# HELP silentct_need_restart A non-zero value if the monitor needs restarting.
# TYPE silentct_need_restart gauge
silentct_need_restart 0
```
Restarts are normally not needed; but here's a metric until the `silentct-mon`
implementation can assure that all corner-cases are handled without restarts.
|
