Feature request: publish firewall hash to Prometheus

Question

Feature request: publish firewall hash to Prometheus

britcey opened this issue 7 months ago · comments

Hi all,

It'd be great if the firewall hash were published with the Prometheus stats - it'd be a useful mechanism to alert when a client's firewall rules change.

level=info msg="Firewall started" firewallHash=3775881c4dfa7c63e3d343e747ad66b0ddf6a72fde1ce3b2eea43436175f101f

The gotcha is that it'd need to be a float64 (we'd want it as the value, not as a label); blackbox_exporter uses a FNV-1 hash for that sort of thing:

https://github.com/prometheus/blackbox_exporter/blob/master/prober/utils.go#L136

https://pkg.go.dev/hash/fnv

Would it be as simple as updating firewall.go to add a FNV-1 hash function alongside GetRuleHash() and adding another metrics.GetOrRegisterGauge in EmitStats with that hash value?

Ben Ritcey · Answer 1 · Sat Nov 11 2023 06:02:20 GMT+0800 (China Standard Time)

It appears it is indeed that simple:

#1010

Wade Simmons · Answer 2 · Tue Dec 05 2023 02:42:02 GMT+0800 (China Standard Time)

Fixed with #1010