|
| 1 | +# Monitoring TheHive |
| 2 | + |
| 3 | +The monitoring will allow you to get metrics about the behavior of your TheHive instance: request time, cpu and memory usage ... |
| 4 | + |
| 5 | +TheHive uses the library [kamon.io](https://kamon.io/) and by default the monitoring is **disabled** |
| 6 | + |
| 7 | +TheHive ships with the integration for Prometheus reporter. <br> Other reporters are **not** included by TheHive. If you would like to see a reporter included by default in TheHive, contact us. |
| 8 | + |
| 9 | + |
| 10 | + |
| 11 | + |
| 12 | + |
| 13 | +## Metrics setup with Prometheus and Grafana |
| 14 | + |
| 15 | +Here we will setup metrics reporting with [Prometheus](https://prometheus.io/) and [Grafana](https://grafana.com/) |
| 16 | + |
| 17 | +### TheHive configuration |
| 18 | + |
| 19 | +In your `application.conf`, add this section to the configuration: |
| 20 | + |
| 21 | +``` |
| 22 | +kamon { |
| 23 | + # Activate kamon module - disabled by default |
| 24 | + enabled = true |
| 25 | +
|
| 26 | + # Activate the prometheus reporter |
| 27 | + modules { |
| 28 | + prometheus-reporter.enabled = yes |
| 29 | + } |
| 30 | +
|
| 31 | + environment.tags { |
| 32 | + # Setup additional tags that will be sent to prometheus |
| 33 | + # See https://kamon.io/docs/latest/reporters/prometheus/#sending-environment-tags-to-prometheus |
| 34 | + # ex: env = prod |
| 35 | + } |
| 36 | +
|
| 37 | + # Reference: https://kamon.io/docs/latest/reporters/prometheus/#configuration |
| 38 | + prometheus { |
| 39 | + include-environment-tags = true |
| 40 | + # Start and embedded-server on the provided port. |
| 41 | + # If using docker, make sure that this port is accessbile |
| 42 | + embedded-server { |
| 43 | + hostname = 0.0.0.0 |
| 44 | + port = 9095 |
| 45 | + } |
| 46 | + } |
| 47 | +} |
| 48 | +``` |
| 49 | + |
| 50 | +You will need to restart TheHive for the configuration to take effect |
| 51 | + |
| 52 | +To check that the prometheus reporter is working, connect to <http://THEHIVE:9095/metrics> |
| 53 | +You should see a list of metrics that are reported by TheHive. |
| 54 | + |
| 55 | + |
| 56 | +### Prometheus configuration |
| 57 | + |
| 58 | +Add the [scrape configuration](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) to prometheus configuration `prometheus.yml` |
| 59 | + |
| 60 | +```yaml |
| 61 | +scrape_configs: |
| 62 | + # ... other scrape configs |
| 63 | + |
| 64 | + - job_name: 'thehive' |
| 65 | + scrape_interval: 30s |
| 66 | + static_configs: |
| 67 | + - targets: ['THEHIVE:9095'] # set the ip or hostname for TheHive |
| 68 | +``` |
| 69 | +
|
| 70 | +In a dynamic environment like kubernetes, the TheHive service can be automatically discovered by prometheus. You can enable this with labels on your pod or by adding a `PodMonitor` resource. See the adaquate documentation: Prometheus [configuration](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config) or Prometheus [operator](https://prometheus-operator.dev/docs/user-guides/getting-started/) |
| 71 | + |
| 72 | + |
| 73 | +### Grafana configuration |
| 74 | + |
| 75 | +- Make sure that prometheus is setup as a Datasource inside Grafana |
| 76 | +- Import dashboards or create your own. We recommend the following dashboards (these dashboards were not created by Strangebee): |
| 77 | + - [Kamon 2.x - API dashboard](https://grafana.com/grafana/dashboards/12317-api-dashboard/): see API metrics like throughoutput, latency, % of error status. *Note that TheHive frontend uses long polling, some requests take 60 seconds and they will appear as outliers in this dashboard* |
| 78 | + - [Kamon 2.x - System metrics dashboard](https://grafana.com/grafana/dashboards/12315-system-metrics-dashboard/): see info about CPU or memory usage, JVM metrics like Heap usage or GC |
| 79 | + - [Kamon 2.x - Akka](https://grafana.com/grafana/dashboards/10776-kamon-akka-marcelo/): info about Akka system, actors, processing time |
| 80 | + |
| 81 | + To make these dashboards work, you may need to edit the dashboard variables |
0 commit comments