mirror of
https://github.com/zeek/zeek.git
synced 2025-10-06 08:38:20 +00:00
Small stats script tweaks and beginning broker stats.
This commit is contained in:
Seth Hall
parent
cfdabb901f
commit
18a1e6f76b
2 changed files with 53 additions and 22 deletions
|
|
@ -19,6 +19,20 @@ export {
|
||||||
mem: count &log;
|
mem: count &log;
|
||||||
## Number of packets processed since the last stats interval.
|
## Number of packets processed since the last stats interval.
|
||||||
pkts_proc: count &log;
|
pkts_proc: count &log;
|
||||||
|
## Number of bytes received since the last stats interval if
|
||||||
|
## reading live traffic.
|
||||||
|
bytes_recv: count &log;
|
||||||
|
|
||||||
|
## Number of packets dropped since the last stats interval if
|
||||||
|
## reading live traffic.
|
||||||
|
pkts_dropped: count &log &optional;
|
||||||
|
## Number of packets seen on the link since the last stats
|
||||||
|
## interval if reading live traffic.
|
||||||
|
pkts_link: count &log &optional;
|
||||||
|
## Lag between the wall clock and packet timestamps if reading
|
||||||
|
## live traffic.
|
||||||
|
pkt_lag: interval &log &optional;
|
||||||
|
|
||||||
## Number of events processed since the last stats interval.
|
## Number of events processed since the last stats interval.
|
||||||
events_proc: count &log;
|
events_proc: count &log;
|
||||||
## Number of events that have been queued since the last stats
|
## Number of events that have been queued since the last stats
|
||||||
|
|
@ -57,22 +71,6 @@ export {
|
||||||
reassem_frag_size: count &log;
|
reassem_frag_size: count &log;
|
||||||
## Current size of unkown data in reassembly (this is only PIA buffer right now).
|
## Current size of unkown data in reassembly (this is only PIA buffer right now).
|
||||||
reassem_unknown_size: count &log;
|
reassem_unknown_size: count &log;
|
||||||
|
|
||||||
## Lag between the wall clock and packet timestamps if reading
|
|
||||||
## live traffic.
|
|
||||||
lag: interval &log &optional;
|
|
||||||
## Number of packets received since the last stats interval if
|
|
||||||
## reading live traffic.
|
|
||||||
pkts_recv: count &log &optional;
|
|
||||||
## Number of packets dropped since the last stats interval if
|
|
||||||
## reading live traffic.
|
|
||||||
pkts_dropped: count &log &optional;
|
|
||||||
## Number of packets seen on the link since the last stats
|
|
||||||
## interval if reading live traffic.
|
|
||||||
pkts_link: count &log &optional;
|
|
||||||
## Number of bytes received since the last stats interval if
|
|
||||||
## reading live traffic.
|
|
||||||
bytes_recv: count &log &optional;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
## Event to catch stats as they are written to the logging stream.
|
## Event to catch stats as they are written to the logging stream.
|
||||||
|
|
@ -86,7 +84,7 @@ event bro_init() &priority=5
|
||||||
|
|
||||||
event check_stats(then: time, last_ns: NetStats, last_cs: ConnStats, last_ps: ProcStats, last_es: EventStats, last_rs: ReassemblerStats, last_ts: TimerStats, last_fs: FileAnalysisStats)
|
event check_stats(then: time, last_ns: NetStats, last_cs: ConnStats, last_ps: ProcStats, last_es: EventStats, last_rs: ReassemblerStats, last_ts: TimerStats, last_fs: FileAnalysisStats)
|
||||||
{
|
{
|
||||||
local now = network_time();
|
local nettime = network_time();
|
||||||
local ns = get_net_stats();
|
local ns = get_net_stats();
|
||||||
local cs = get_conn_stats();
|
local cs = get_conn_stats();
|
||||||
local ps = get_proc_stats();
|
local ps = get_proc_stats();
|
||||||
|
|
@ -100,10 +98,11 @@ event check_stats(then: time, last_ns: NetStats, last_cs: ConnStats, last_ps: Pr
|
||||||
# shutting down.
|
# shutting down.
|
||||||
return;
|
return;
|
||||||
|
|
||||||
local info: Info = [$ts=now,
|
local info: Info = [$ts=nettime,
|
||||||
$peer=peer_description,
|
$peer=peer_description,
|
||||||
$mem=ps$mem/1048576,
|
$mem=ps$mem/1048576,
|
||||||
$pkts_proc=ns$pkts_recvd - last_ns$pkts_recvd,
|
$pkts_proc=ns$pkts_recvd - last_ns$pkts_recvd,
|
||||||
|
$bytes_recv = ns$bytes_recvd - last_ns$bytes_recvd,
|
||||||
|
|
||||||
$active_tcp_conns=cs$num_tcp_conns,
|
$active_tcp_conns=cs$num_tcp_conns,
|
||||||
$tcp_conns=cs$cumulative_tcp_conns - last_cs$cumulative_tcp_conns,
|
$tcp_conns=cs$cumulative_tcp_conns - last_cs$cumulative_tcp_conns,
|
||||||
|
|
@ -132,15 +131,13 @@ event check_stats(then: time, last_ns: NetStats, last_cs: ConnStats, last_ps: Pr
|
||||||
|
|
||||||
if ( reading_live_traffic() )
|
if ( reading_live_traffic() )
|
||||||
{
|
{
|
||||||
info$lag = now - network_time();
|
info$pkt_lag = current_time() - nettime;
|
||||||
info$pkts_recv = ns$pkts_recvd - last_ns$pkts_recvd;
|
|
||||||
info$pkts_dropped = ns$pkts_dropped - last_ns$pkts_dropped;
|
info$pkts_dropped = ns$pkts_dropped - last_ns$pkts_dropped;
|
||||||
info$pkts_link = ns$pkts_link - last_ns$pkts_link;
|
info$pkts_link = ns$pkts_link - last_ns$pkts_link;
|
||||||
info$bytes_recv = ns$bytes_recvd - last_ns$bytes_recvd;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Log::write(Stats::LOG, info);
|
Log::write(Stats::LOG, info);
|
||||||
schedule stats_report_interval { check_stats(now, ns, cs, ps, es, rs, ts, fs) };
|
schedule stats_report_interval { check_stats(nettime, ns, cs, ps, es, rs, ts, fs) };
|
||||||
}
|
}
|
||||||
|
|
||||||
event bro_init()
|
event bro_init()
|
||||||
|
|
|
||||||
|
|
@ -145,6 +145,13 @@ function get_proc_stats%(%): ProcStats
|
||||||
return r;
|
return r;
|
||||||
%}
|
%}
|
||||||
|
|
||||||
|
## Returns statistics about the event engine.
|
||||||
|
##
|
||||||
|
## Returns: A record with event engine statistics.
|
||||||
|
##
|
||||||
|
## .. bro:see:: get_net_stats
|
||||||
|
## get_proc_stats
|
||||||
|
## get_matcher_stats
|
||||||
function get_event_stats%(%): EventStats
|
function get_event_stats%(%): EventStats
|
||||||
%{
|
%{
|
||||||
RecordVal* r = new RecordVal(EventStats);
|
RecordVal* r = new RecordVal(EventStats);
|
||||||
|
|
@ -306,3 +313,30 @@ function get_matcher_stats%(%): MatcherStats
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
%}
|
%}
|
||||||
|
|
||||||
|
function get_broker_stats%(%): BrokerStats
|
||||||
|
%{
|
||||||
|
RecordVal* r = new RecordVal(CommunicationStats);
|
||||||
|
int n = 0;
|
||||||
|
|
||||||
|
#ifdef ENABLE_BROKER
|
||||||
|
auto cs = broker_mgr->ConsumeStatistics();
|
||||||
|
|
||||||
|
r->Assign(n++, new Val(cs.outgoing_peer_count, TYPE_COUNT));
|
||||||
|
r->Assign(n++, new Val(cs.data_store_count, TYPE_COUNT));
|
||||||
|
r->Assign(n++, new Val(cs.pending_query_count, TYPE_COUNT));
|
||||||
|
r->Assign(n++, new Val(cs.response_count, TYPE_COUNT));
|
||||||
|
r->Assign(n++, new Val(cs.outgoing_conn_status_count, TYPE_COUNT));
|
||||||
|
r->Assign(n++, new Val(cs.incoming_conn_status_count, TYPE_COUNT));
|
||||||
|
r->Assign(n++, new Val(cs.report_count, TYPE_COUNT));
|
||||||
|
|
||||||
|
//for ( const auto& s : cs.print_count )
|
||||||
|
// file->Write(fmt(" %-25s prints dequeued=%zu\n", s.first.data(), s.second));
|
||||||
|
//for ( const auto& s : cs.event_count )
|
||||||
|
// file->Write(fmt(" %-25s events dequeued=%zu\n", s.first.data(), s.second));
|
||||||
|
//for ( const auto& s : cs.log_count )
|
||||||
|
// file->Write(fmt(" %-25s logs dequeued=%zu\n", s.first.data(), s.second));
|
||||||
|
#endif
|
||||||
|
|
||||||
|
return r;
|
||||||
|
%}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue