Created
December 7, 2023 20:40
-
-
Save stevenbrz/69391aa71b22d205b6add88ae10fb905 to your computer and use it in GitHub Desktop.
Falco Profiling
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| base_syscalls: [clone, clone3, fork, vfork, execve, execveat] | |
| { | |
| "hostname": "{redacted}", | |
| "output": "Falco metrics snapshot", | |
| "output_fields": { | |
| "evt.source": "syscall", | |
| "evt.time": 1701980051746846882, | |
| "falco.cpu_usage_perc": 17.5, | |
| "falco.duration_sec": 110, | |
| "falco.evts_rate_sec": 5224.842355187851, | |
| "falco.host_boot_ts": 1700163046000000000, | |
| "falco.host_num_cpus": 128, | |
| "falco.hostname": "{redacted}", | |
| "falco.kernel_release": "6.1.52", | |
| "falco.memory_pss": 438, | |
| "falco.memory_rss": 698, | |
| "falco.memory_vsz": 998, | |
| "falco.num_evts": 367771, | |
| "falco.num_evts_prev": 315517, | |
| "falco.outputs_queue_num_drops": 0, | |
| "falco.start_ts": 1701979941717161604, | |
| "falco.version": "0.36.2", | |
| "scap.engine_name": "modern_bpf", | |
| "scap.evts_drop_rate_sec": 0.0, | |
| "scap.evts_rate_sec": 5153.749942845475, | |
| "scap.n_drops": 0, | |
| "scap.n_drops_perc": 0.0, | |
| "scap.n_drops_prev": 0, | |
| "scap.n_evts": 364703, | |
| "scap.n_evts_prev": 313160 | |
| }, | |
| "priority": "Informational", | |
| "rule": "Falco internal: metrics snapshot", | |
| "source": "internal", | |
| "time": "2023-12-07T20:14:11.746846882Z" | |
| } | |
| base_syscalls: [chdir, chroot, clone, clone3, fchdir, fork, setgid, setpgid, setresgid, setresuid, setsid, vfork] | |
| { | |
| "hostname": "{redacted}", | |
| "output": "Falco metrics snapshot", | |
| "output_fields": { | |
| "evt.source": "syscall", | |
| "evt.time": 1701980273899587731, | |
| "falco.cpu_usage_perc": 19.0, | |
| "falco.duration_sec": 110, | |
| "falco.evts_rate_sec": 6132.608699718701, | |
| "falco.host_boot_ts": 1700163046000000000, | |
| "falco.host_num_cpus": 128, | |
| "falco.hostname": "{redacted}", | |
| "falco.kernel_release": "6.1.52", | |
| "falco.memory_pss": 444, | |
| "falco.memory_rss": 704, | |
| "falco.memory_vsz": 1004, | |
| "falco.num_evts": 410442, | |
| "falco.num_evts_prev": 349116, | |
| "falco.outputs_queue_num_drops": 0, | |
| "falco.start_ts": 1701980163872908797, | |
| "falco.version": "0.36.2", | |
| "scap.engine_name": "modern_bpf", | |
| "scap.evts_drop_rate_sec": 0.0, | |
| "scap.evts_rate_sec": 6023.308544665501, | |
| "scap.n_drops": 0, | |
| "scap.n_drops_perc": 0.0, | |
| "scap.n_drops_prev": 0, | |
| "scap.n_evts": 406588, | |
| "scap.n_evts_prev": 346355 | |
| }, | |
| "priority": "Informational", | |
| "rule": "Falco internal: metrics snapshot", | |
| "source": "internal", | |
| "time": "2023-12-07T20:17:53.899587731Z" | |
| } | |
| base_syscalls: [clone, clone3, fork, vfork, execve, execveat, getsockopt, socket, bind, accept, accept4, close] | |
| { | |
| "hostname": "{redacted}", | |
| "output": "Falco metrics snapshot", | |
| "output_fields": { | |
| "evt.source": "syscall", | |
| "evt.time": 1701980510506699712, | |
| "falco.cpu_usage_perc": 32.8, | |
| "falco.duration_sec": 110, | |
| "falco.evts_rate_sec": 93122.6077670008, | |
| "falco.host_boot_ts": 1700163046000000000, | |
| "falco.host_num_cpus": 128, | |
| "falco.hostname": "{redacted}", | |
| "falco.kernel_release": "6.1.52", | |
| "falco.memory_pss": 457, | |
| "falco.memory_rss": 717, | |
| "falco.memory_vsz": 1018, | |
| "falco.num_evts": 34702768, | |
| "falco.num_evts_prev": 33771540, | |
| "falco.outputs_queue_num_drops": 0, | |
| "falco.start_ts": 1701980400478379366, | |
| "falco.version": "0.36.2", | |
| "scap.engine_name": "modern_bpf", | |
| "scap.evts_drop_rate_sec": 0.0, | |
| "scap.evts_rate_sec": 121014.55018966405, | |
| "scap.n_drops": 199816008, | |
| "scap.n_drops_buffer_clone_fork_enter": 3360, | |
| "scap.n_drops_buffer_clone_fork_exit": 7682, | |
| "scap.n_drops_buffer_close_exit": 99853728, | |
| "scap.n_drops_buffer_execve_enter": 1822, | |
| "scap.n_drops_buffer_execve_exit": 2055, | |
| "scap.n_drops_buffer_other_interest_enter": 123, | |
| "scap.n_drops_buffer_other_interest_exit": 126, | |
| "scap.n_drops_buffer_proc_exit": 4451, | |
| "scap.n_drops_buffer_total": 199816008, | |
| "scap.n_drops_perc": 0.0, | |
| "scap.n_drops_prev": 199816008, | |
| "scap.n_evts": 237479511, | |
| "scap.n_evts_prev": 236269363 | |
| }, | |
| "priority": "Informational", | |
| "rule": "Falco internal: metrics snapshot", | |
| "source": "internal", | |
| "time": "2023-12-07T20:21:50.506699712Z" | |
| } | |
| base_syscalls: [clone, clone3, fork, vfork, execve, execveat, getsockopt, socket, connect, close] | |
| { | |
| "hostname": "{redacted}", | |
| "output": "Falco metrics snapshot", | |
| "output_fields": { | |
| "evt.source": "syscall", | |
| "evt.time": 1701980769449620870, | |
| "falco.cpu_usage_perc": 31.5, | |
| "falco.duration_sec": 115, | |
| "falco.evts_rate_sec": 2128166.9561680453, | |
| "falco.host_boot_ts": 1700163046000000000, | |
| "falco.host_num_cpus": 128, | |
| "falco.hostname": "{redacted}", | |
| "falco.kernel_release": "6.1.52", | |
| "falco.memory_pss": 452, | |
| "falco.memory_rss": 712, | |
| "falco.memory_vsz": 1013, | |
| "falco.num_evts": 58861475, | |
| "falco.num_evts_prev": 37580082, | |
| "falco.outputs_queue_num_drops": 0, | |
| "falco.start_ts": 1701980653673532364, | |
| "falco.version": "0.36.2", | |
| "scap.engine_name": "modern_bpf", | |
| "scap.evts_drop_rate_sec": 21251559.170386888, | |
| "scap.evts_rate_sec": 23875792.173082028, | |
| "scap.n_drops": 445590948, | |
| "scap.n_drops_buffer_clone_fork_enter": 5459, | |
| "scap.n_drops_buffer_clone_fork_exit": 12140, | |
| "scap.n_drops_buffer_close_exit": 222665600, | |
| "scap.n_drops_buffer_connect_enter": 6262, | |
| "scap.n_drops_buffer_connect_exit": 6303, | |
| "scap.n_drops_buffer_execve_enter": 2675, | |
| "scap.n_drops_buffer_execve_exit": 3030, | |
| "scap.n_drops_buffer_other_interest_enter": 240, | |
| "scap.n_drops_buffer_other_interest_exit": 241, | |
| "scap.n_drops_buffer_proc_exit": 5869, | |
| "scap.n_drops_buffer_total": 445590948, | |
| "scap.n_drops_perc": 89.0088128441085, | |
| "scap.n_drops_prev": 233078118, | |
| "scap.n_evts": 511333930, | |
| "scap.n_evts_prev": 272579111 | |
| }, | |
| "priority": "Informational", | |
| "rule": "Falco internal: metrics snapshot", | |
| "source": "internal", | |
| "time": "2023-12-07T20:26:09.449620870Z" | |
| } | |
| base_syscalls: [clone, clone3, fork, vfork, execve, execveat, open, openat, openat2, close] | |
| { | |
| "hostname": "{redacted}", | |
| "output": "Falco metrics snapshot", | |
| "output_fields": { | |
| "evt.source": "syscall", | |
| "evt.time": 1701980945535517312, | |
| "falco.cpu_usage_perc": 38.6, | |
| "falco.duration_sec": 110, | |
| "falco.evts_rate_sec": 1311849.4719066871, | |
| "falco.host_boot_ts": 1700163046000000000, | |
| "falco.host_num_cpus": 128, | |
| "falco.hostname": "{redacted}", | |
| "falco.kernel_release": "6.1.52", | |
| "falco.memory_pss": 451, | |
| "falco.memory_rss": 711, | |
| "falco.memory_vsz": 1013, | |
| "falco.num_evts": 51596822, | |
| "falco.num_evts_prev": 38479145, | |
| "falco.outputs_queue_num_drops": 0, | |
| "falco.start_ts": 1701980835510051527, | |
| "falco.version": "0.36.2", | |
| "scap.engine_name": "modern_bpf", | |
| "scap.evts_drop_rate_sec": 12898525.507660028, | |
| "scap.evts_rate_sec": 14707611.573964523, | |
| "scap.n_drops": 371743730, | |
| "scap.n_drops_buffer_clone_fork_enter": 5526, | |
| "scap.n_drops_buffer_clone_fork_exit": 11953, | |
| "scap.n_drops_buffer_close_exit": 184553743, | |
| "scap.n_drops_buffer_connect_enter": 5495, | |
| "scap.n_drops_buffer_connect_exit": 5510, | |
| "scap.n_drops_buffer_execve_enter": 2522, | |
| "scap.n_drops_buffer_execve_exit": 2742, | |
| "scap.n_drops_buffer_open_enter": 1210685, | |
| "scap.n_drops_buffer_open_exit": 1218276, | |
| "scap.n_drops_buffer_other_interest_enter": 262, | |
| "scap.n_drops_buffer_other_interest_exit": 263, | |
| "scap.n_drops_buffer_proc_exit": 6779, | |
| "scap.n_drops_buffer_total": 371743730, | |
| "scap.n_drops_perc": 87.69966110944249, | |
| "scap.n_drops_prev": 242766515, | |
| "scap.n_evts": 433102018, | |
| "scap.n_evts_prev": 286035070 | |
| }, | |
| "priority": "Informational", | |
| "rule": "Falco internal: metrics snapshot", | |
| "source": "internal", | |
| "time": "2023-12-07T20:29:05.535517312Z" | |
| } | |
| Same as previous with 4 CPUs per buffer & double buffer size | |
| { | |
| "hostname": "{redacted}", | |
| "output": "Falco metrics snapshot", | |
| "output_fields": { | |
| "evt.source": "syscall", | |
| "evt.time": 1701981493425550967, | |
| "falco.cpu_usage_perc": 39.2, | |
| "falco.duration_sec": 350, | |
| "falco.evts_rate_sec": 3093231.1397307925, | |
| "falco.host_boot_ts": 1700163046000000000, | |
| "falco.host_num_cpus": 128, | |
| "falco.hostname": "{redacted}", | |
| "falco.kernel_release": "6.1.52", | |
| "falco.memory_pss": 530, | |
| "falco.memory_rss": 790, | |
| "falco.memory_vsz": 1091, | |
| "falco.num_evts": 293193709, | |
| "falco.num_evts_prev": 262261379, | |
| "falco.outputs_queue_num_drops": 0, | |
| "falco.start_ts": 1701981143404157826, | |
| "falco.version": "0.36.2", | |
| "scap.engine_name": "modern_bpf", | |
| "scap.evts_drop_rate_sec": 12636919.100156853, | |
| "scap.evts_rate_sec": 15642981.69231081, | |
| "scap.n_drops": 1256033877, | |
| "scap.n_drops_buffer_clone_fork_enter": 17272, | |
| "scap.n_drops_buffer_clone_fork_exit": 38008, | |
| "scap.n_drops_buffer_close_exit": 626034978, | |
| "scap.n_drops_buffer_connect_enter": 23652, | |
| "scap.n_drops_buffer_connect_exit": 23713, | |
| "scap.n_drops_buffer_execve_enter": 8552, | |
| "scap.n_drops_buffer_execve_exit": 9399, | |
| "scap.n_drops_buffer_open_enter": 1441209, | |
| "scap.n_drops_buffer_open_exit": 1450962, | |
| "scap.n_drops_buffer_other_interest_enter": 1279, | |
| "scap.n_drops_buffer_other_interest_exit": 1296, | |
| "scap.n_drops_buffer_proc_exit": 20500, | |
| "scap.n_drops_buffer_total": 1256033877, | |
| "scap.n_drops_perc": 80.78331451585369, | |
| "scap.n_drops_prev": 1129664610, | |
| "scap.n_evts": 1568010447, | |
| "scap.n_evts_prev": 1411580536 | |
| }, | |
| "priority": "Informational", | |
| "rule": "Falco internal: metrics snapshot", | |
| "source": "internal", | |
| "time": "2023-12-07T20:38:13.425550967Z" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment