Document what bouncer metric name is used to report "Dropped Traffic" in the Crowdsec Portal

[david-garcia-garcia]

What would you like to be added?

I am trying to add support to the Traeffik bouncer to report the amount of bounced traffic to the Crowdsec Portal.

I was not able to find what is the exact metric name the the bouncer needs to feed the LAPI so that this ends up in the Portal:

https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/pull/223

My guess (not sure where it came from...) was: requests_blocked_total

Why is this needed?

So that people know how to report dropped traffic metrics from bouncers.

[github-actions[bot]]

@david-garcia-garcia: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

1. Check Crowdsec Documentation to see if your issue can be self resolved.
2. You can also join our Discord.
3. Check Releases to make sure your agent is on the latest version.

Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

[github-actions[bot]]

@david-garcia-garcia: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.

• /kind feature
• /kind enhancement
• /kind refactoring
• /kind bug
• /kind packaging

Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

[blotus]

Hello,

We need to document the internal workings of the metrics system in LAPI to facilitate the implementation for third-party bouncers.

The gist of it:

• The metrics shown in cscli metrics show bouncers are not directly related to the prometheus metrics that a bouncer can expose (although it's likely for a bouncer to track the values internally with the prometheus client library, as it's easier)
• While you can technically used any names for the metrics you push to LAPI, if you want them to appear in the console, the name must be set to dropped
• Same thing for the units, it can be either request, byte or packet (in your case, you'll want request)
• The go-cs-bouncer package provide a (small) abstraction for sending the metrics (see https://github.com/crowdsecurity/go-cs-bouncer/blob/main/metrics.go#L52 and https://github.com/crowdsecurity/go-cs-bouncer/blob/main/metrics.go#L92)
• When you send the values for the amount of requests dropped (or processed), you must send the delta from your last push, for example:
  • if the 1st time you send metrics you blocked 10 requests since the start of the bouncer, you send 10, because 10 (current absolute count) - 0 (last absolute count) = 10.
  • For the next push, you have blocked 15 requests since the start of the bouncer, so you'll send 5, because 15 (current absolute count) - 10 (last absolute count) = 5)
  • This may seem weird, but it makes handling counter reset in LAPI and the console essentially free.
• dropped metrics can have an origin label: this is based on the origin of the decision in crowdsec (crowdsec, cscli, lists, ...): this allows to track the efficiency of each block source.
• Do not push metrics too often: when using the go-cs-bouncer package, they will be sent every 15 minutes. The goal of the metrics in the console is not to replace an actual monitoring system, but just to give you a sense of what is blocked.

You can have a look at the implementation in the firewall bouncer (fully featured) or in the cloudflare-worker-bouncer (it currently harcodes crowdsec as the origin for all blocks).

You can also ping me on discord (same nick as here) if you have more questions while we work on publishing the documentation.