Metric label values truncated when using OpenMetrics endpoint

Daan van Gorkum daan.vangorkum at vusam.com
Thu Aug 27 05:04:20 EEST 2020 

Hi Jeff,

Thanks again for your insights. I understand that a lot of features are pending and it's totally fine, we're just very eager to use all these features.

Reagarding the logging of failed attempts I did try to configure this in these two metrics:


metric auth_client_userdb_lookup_finished {
 event_name = auth_client_userdb_lookup_finished
 group_by = service local_ip remote_ip user
}

metric auth_client_passdb_lookup_finished {
 event_name = auth_client_passdb_lookup_finished
 group_by = service local_ip remote_ip user
}

In both our testing and production environment these are not increasing and stay at 0:

$ sudo curl 0:9166/metrics -s | grep -E 'dovecot_auth_client_(user|pass)db_lookup_finished'
# HELP dovecot_auth_client_userdb_lookup_finished_count Total number
# TYPE dovecot_auth_client_userdb_lookup_finished_count counter
dovecot_auth_client_userdb_lookup_finished_count 0 1598493762018
# HELP dovecot_auth_client_userdb_lookup_finished_duration_usecs_sum Duration
# TYPE dovecot_auth_client_userdb_lookup_finished_duration_usecs_sum counter
dovecot_auth_client_userdb_lookup_finished_duration_usecs_sum 0 1598493762018
# HELP dovecot_auth_client_passdb_lookup_finished_count Total number
# TYPE dovecot_auth_client_passdb_lookup_finished_count counter
dovecot_auth_client_passdb_lookup_finished_count 0 1598493762018
# HELP dovecot_auth_client_passdb_lookup_finished_duration_usecs_sum Duration
# TYPE dovecot_auth_client_passdb_lookup_finished_duration_usecs_sum counter
dovecot_auth_client_passdb_lookup_finished_duration_usecs_sum 0 1598493762018

I will try to gather some more information and post it later. Let me know if you think there might be something up with the way we configure them.

Daan
________________________________
From: Josef 'Jeff' Sipek <jeff.sipek at open-xchange.com>
Sent: 26 August 2020 23:02
To: Daan van Gorkum <daan.vangorkum at vusam.com>
Cc: Dovecot Mailing List <dovecot at dovecot.org>
Subject: Re: Metric label values truncated when using OpenMetrics endpoint

On Tue, Aug 25, 2020 at 01:08:06 +0000, Daan van Gorkum wrote:
> Hi Jeff,
>
> Thanks for your reply!
>
> Regarding grouping by remote address, I understand and for now I'll keep a
> close eye. Maybe it's an option to group by /24 for ipv4 and /64 for IPv6?

Hrm, interesting idea.  But the answer is: no, there isn't a way.  The
simplest way to implement something like this would be to add a new
aggregating function.  So one could do something like:

        remote_ip:netmask4:24
        remote_ip:netmask6:64

To get /24 and /64, respectively.

I'll throw this idea on the ever growing pile of things that can be worked
on :)  Obviously, I can't make any promisses about this ever getting done.

> We currently do that based on the logs but the OpenMetrics endpoint seem a
> lot easier.

Aggregating based on a subnet definitely makes sense.

> A slight hijack of the original question: but I tried to log only IP
> addresses (+ result) of failed login attempts but it seems I cannot find a
> metric that would contain that information. Am I looking in the wrong
> direction? The auth_userdb_request_finished and
> auth_passdb_request_finished stats work as intended but they do not
> contain any information about the connecting client.

I haven't played with these events, but at least based on the docs [1],
auth_client_userdb_lookup_finished and auth_client_passdb_lookup_finished
events seem to have the remote_ip field as well as an error string on
failure.  Does that give you the info you need?

Jeff.

[1] https://doc.dovecot.org/admin_manual/list_of_events/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20200827/fa30d69b/attachment.html>

More information about the dovecot mailing list