Feature: Optionally expose metrics by source

[Evesy]

We were looking to use this exporter to monitor connections on a number of machines being used as NAT Gateways. In this use case whilst monitoring connections by destination is certainly useful, it is much more beneficial to be able to see the number of connections being opened by a given source, to help identify bad clients that are performing far too much connection churn.

It would be great to have some toggles to be able to optionally include a source cardinality (rolled up by host, dropping the port due to cardinality), and also to drop the destination cardinality

[dbendelman]

Definitely seeing the benefit of that. Though if you control the clients, an immediate solution for you could be to just deploy this exporter on them and track outbound connections (unless tracking their connection patterns would exhaust your prometheus server, of course).

Sounds like a good UX for this could be a toggle like --labels=[source|destination], which defaults to "destination". The actual names of the labels exposed could be {host=x.x.x.x:y} for --labels=destination to preserve backwards compatibility, and {source_ip=x.x.x.x} for --labels=source.

I'd be happy to merge a PR implementing such a feature.

[Evesy]

Thanks for the reply!

In this particular setup we have Container(s) -> Node -> Gateway, so even running the exporter on the node it would still be beneficial to see the sources to be able to map high number of tracked connections back to a particular container running on the node. Having a view of source at the gateway level is useful because tracked connections on the node itself will include internal traffic that doesn't route through the gateways and as such isn't something we care as much about

I'd be happy to try my hand at a PR in the near future though this will be my first endeavour with C++ so might be slow progress 😅