Updated the app-metrics script to the new metrics api.

- Inconsequential change to scan.bro.
2025-10-13 03:58:20 +00:00 · 2012-11-16 03:05:43 -05:00 · 2012-11-16 03:05:43 -05:00 · 257b460b18
commit 257b460b18
parent e99e090b85
2 changed files with 14 additions and 23 deletions
--- a/scripts/policy/misc/app-metrics.bro
+++ b/scripts/policy/misc/app-metrics.bro
@ -12,48 +12,41 @@ export {
 event bro_init() &priority=3
 	{
-	Metrics::add_filter("apps.bytes", [$break_interval=break_interval]);
+	Metrics::add_filter("apps.bytes", [$every=break_interval, $measure=set(Metrics::SUM)]);
-	Metrics::add_filter("apps.views", [$break_interval=break_interval]);
+	Metrics::add_filter("apps.hits",  [$every=break_interval, $measure=set(Metrics::SUM, Metrics::UNIQUE)]);
 	Metrics::add_filter("apps.users", [$break_interval=break_interval]);
 	}
 function do_metric(id: conn_id, hostname: string, size: count)
 	{
 	if ( /youtube/ in hostname && size > 512*1024 ) 
 		{
-		Metrics::add_data("apps.bytes", [$str="youtube"], size);
+		Metrics::add_data("apps.bytes", [$str="youtube"], [$num=size]);
-		Metrics::add_data("apps.views", [$str="youtube"], 1);
+		Metrics::add_data("apps.hits",  [$str="youtube"], [$str=cat(id$orig_h)]);
 		Metrics::add_unique("apps.users", [$str="youtube"], cat(id$orig_h));
 		}
 	else if ( /facebook.com|fbcdn.net/ in hostname && size > 20 )
 		{
-		Metrics::add_data("apps.bytes", [$str="facebook"], size);
+		Metrics::add_data("apps.bytes", [$str="facebook"], [$num=size]);
-		Metrics::add_data("apps.views", [$str="facebook"], 1);
+		Metrics::add_data("apps.hits",  [$str="facebook"], [$str=cat(id$orig_h)]);
 		Metrics::add_unique("apps.users", [$str="facebook"], cat(id$orig_h));
 		}
 	else if ( /google.com/ in hostname && size > 20 ) 
 		{
-		Metrics::add_data("apps.bytes", [$str="google"], size);
+		Metrics::add_data("apps.bytes", [$str="google"], [$num=size]);
-		Metrics::add_data("apps.views", [$str="google"], 1);
+		Metrics::add_data("apps.hits",  [$str="google"], [$str=cat(id$orig_h)]);
 		Metrics::add_unique("apps.users", [$str="google"], cat(id$orig_h));
 		}
 	else if ( /nflximg.com/ in hostname && size > 200*1024 ) 
 		{
-		Metrics::add_data("apps.bytes", [$str="netflix"], size);
+		Metrics::add_data("apps.bytes", [$str="netflix"], [$num=size]);
-		Metrics::add_data("apps.views", [$str="netflix"], 1);
+		Metrics::add_data("apps.hits",  [$str="netflix"], [$str=cat(id$orig_h)]);
 		Metrics::add_unique("apps.users", [$str="netflix"], cat(id$orig_h));
 		}
 	else if ( /pandora.com/ in hostname && size > 512*1024 )
 		{
-		Metrics::add_data("apps.bytes", [$str="pandora"], size);
+		Metrics::add_data("apps.bytes", [$str="pandora"], [$num=size]);
-		Metrics::add_data("apps.views", [$str="pandora"], 1);
+		Metrics::add_data("apps.hits",  [$str="pandora"], [$str=cat(id$orig_h)]);
 		Metrics::add_unique("apps.users", [$str="pandora"], cat(id$orig_h));
 		}
 	else if ( /gmail.com/ in hostname && size > 20 )
 		{
-		Metrics::add_data("apps.bytes", [$str="gmail"], size);
+		Metrics::add_data("apps.bytes", [$str="gmail"], [$num=size]);
-		Metrics::add_data("apps.views", [$str="gmail"], 1);
+		Metrics::add_data("apps.hits",  [$str="gmail"], [$str=cat(id$orig_h)]);
 		Metrics::add_unique("apps.users", [$str="gmail"], cat(id$orig_h));
 		}
 }
--- a/scripts/policy/protocols/conn/scan.bro
+++ b/scripts/policy/protocols/conn/scan.bro
@ -282,7 +282,6 @@ event connection_reset(c: connection)
 	if ( is_failed_conn(c) )
 		{
 		is_scan = T;
 		is_reverse_scan = F;
 		}
 	else if ( is_reverse_failed_conn(c) )
 		{
@ -305,7 +304,6 @@ event connection_pending(c: connection)
 	if ( is_failed_conn(c) )
 		{
 		is_scan = T;
 		is_reverse_scan = F;
 		}
 	else if ( is_reverse_failed_conn(c) )
 		{