Stats/Telemetry for matched/dropped flowspec traffic
complete
Charley
It would be great if we could retrieve stats from InfluxDB by host (and by hostgroup) about the amount of traffic that matches the flowspec rules created by FastNetMon (and which is therefore theoretically dropped). This would make it possible to check very quickly on supervision whether the attack traffic has been identified & matched correctly by FastNetMon, or whether human intervention is required to adapt the filters.
Or simply have an option to exclude traffic that matches flowspec rules from traffic statistics sent to InfluxDB.
FastNetMon
complete
FastNetMon
And for dropped traffic you can find this option: https://fastnetmon.com/docs-fnm-advanced/discarded-traffic-monitoring-in-fastnetmon-advanced/
FastNetMon
Hello!
Thank you for the feedback!
We export the amount of traffic filtered via Flow Spec rules to the Prometheus endpoint and to system_counters:
sudo fcli show system_counters|grep flowspec
total_flowspec_filtered_packets 0
total_flowspec_filtered_bytes 0
total_flowspec_whitelist_packets 0
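
Polling these counters and differencing two snapshots shows whether an active Flow Spec rule is actually matching traffic, which is the check the original request asks for. The script below is an added example, not part of the thread or of FastNetMon; it assumes the total_* counters are cumulative and reset only on restart, and the function names and sample snapshots are constructed.

```shell
#!/bin/sh
# Added example: per-interval deltas of the flowspec counters printed by
#   sudo fcli show system_counters | grep flowspec
# Assumption: total_* counters are cumulative and reset only on restart.

# flowspec_delta PREV CURR
# Prints "name delta" for every flowspec counter present in CURR.
flowspec_delta() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---"       { second = 1; next }   # separator between snapshots
        $1 !~ /flowspec/  { next }               # ignore unrelated counters
        $2 !~ /^[0-9]+$/  { next }               # ignore malformed lines
        !second           { prev[$1] = $2 + 0; next }
        {
            cur = $2 + 0
            # A counter that went backwards means a restart: count from zero.
            d = (($1 in prev) && (cur >= prev[$1])) ? cur - prev[$1] : cur
            printf "%s %.0f\n", $1, d
        }'
}

# flowspec_is_matching PREV CURR
# Succeeds when filtered packets grew between the two snapshots.
flowspec_is_matching() {
    d=$(flowspec_delta "$1" "$2" |
        awk '$1 == "total_flowspec_filtered_packets" { print $2 }')
    [ "${d:-0}" -gt 0 ]
}

# Constructed sample snapshots (not real measurements).
SNAP_T0='total_flowspec_filtered_packets 1200
total_flowspec_filtered_bytes 960000
total_flowspec_whitelist_packets 0'
SNAP_T1='total_flowspec_filtered_packets 5200
total_flowspec_filtered_bytes 4160000
total_flowspec_whitelist_packets 15'

flowspec_delta "$SNAP_T0" "$SNAP_T1"
if flowspec_is_matching "$SNAP_T0" "$SNAP_T1"; then
    echo "flowspec rules are matching traffic"
else
    echo "no flowspec matches in this interval: review the filters"
fi
```

For live use, capture the command output into a variable at each polling interval and pass the previous and current captures to the functions.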