Open goshlanguage opened 2 years ago
I think that’s a great idea! We had feature requests like this one before but noone actually ever implemented them. The most difficult thing will probably be naming conventions and what to collect with which cardinality?
Failed token request in itself does not provide meaningful insight into bad actors IMO - but it’s a nice metric to have.
One issue though will be that the # of requests will reset on restart so that needs to be accounted for!
Hi ! I'm chiming in on this issue.
We're currently in the process of adding monitors and alerting on hydra and we also want to monitor some basic functional KPIs like:
I'd be interested on working on such core functional metrics and submit a PR. WDYT ? If you have any recommendations on the tags, metric names ?
Hi, any news on this feature ?
Hello @nlamirault
Any news will be posted in this issue!
@achedeuzot Apologies for the late response! I think that would be a great addition, how is your implementation looking? Feel free to open a design document or PR for it.
Hello contributors!
I am marking this issue as stale as it has not received any engagement from the community or maintainers for a year. That does not imply that the issue has no merit! If you feel strongly about this issue
Throughout its lifetime, Ory has received over 10.000 issues and PRs. To sustain that growth, we need to prioritize and focus on issues that are important to the community. A good indication of importance, and thus priority, is activity on a topic.
Unfortunately, burnout has become a topic of concern amongst open-source projects.
It can lead to severe personal and health issues as well as opening catastrophic attack vectors.
The motivation for this automation is to help prioritize issues in the backlog and not ignore, reject, or belittle anyone.
If this issue was marked as stale erroneously you can exempt it by adding the backlog
label, assigning someone, or setting a milestone for it.
Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!
Thank you 🙏✌️
@achedeuzot Apologies for the late response! I think that would be a great addition, how is your implementation looking? Feel free to open a design document or PR for it.
Hi @vinckr I hadn't had time to do any work on this unfortunately 😓
Is your feature request related to a problem? Please describe.
First, thanks for hydra. In our evaluation, we've found it to be a great tool.
One thing I'm having difficulties with is monitoring. There are many go based metrics and some others available in the metrics endpoint, but I'd be curious to know if other metrics would be a welcomed pr, and if so what KPIs (key performance indicators) there may be interest in?
Describe the solution you'd like
Currently, I am monitoring an ingress in front of hydra to watch for returned 4XX or 5XX status codes, but would be motivated to add metrics specifically for:
Tracking failed token requests also gives us a way to watch for bad actors.
Describe alternatives you've considered
I'm monitoring the ingress as mentioned above, but this falls short as it can be an inaccurate reflection of how hyrdra is performing, especially in the case of misconfiguration or other ingress/networking issues.
Additional context
Here are the metrics I see exposed currently by hydra, which seem to be the standard go proc data: