From 3a963f080e238a63c46e648cb4ce70ccc58e0281 Mon Sep 17 00:00:00 2001
From: Tim Wojtulewicz
Date: Thu, 10 Nov 2022 11:20:07 -0700
Subject: [PATCH] Add EventHandler version of stats plugin
---
 src/EventHandler.cc | 2 ++
 src/EventHandler.h | 3 +++
 src/stats.bif | 25 +++++++++++++++++++++++++
 3 files changed, 30 insertions(+)
diff --git a/src/EventHandler.cc b/src/EventHandler.cc
index 09ba72c27d..62a616a619 100644
--- a/src/EventHandler.cc
+++ b/src/EventHandler.cc
@@ -52,6 +52,8 @@ void EventHandler::SetFunc(FuncPtr f)
 void EventHandler::Call(Args* vl, bool no_remote)
 {
+ call_count++;
+
 if ( new_event )
 NewEvent(vl);
diff --git a/src/EventHandler.h b/src/EventHandler.h
index b2137be402..c8947f1082 100644
--- a/src/EventHandler.h
+++ b/src/EventHandler.h
@@ -52,6 +52,8 @@ public:
 void SetGenerateAlways() { generate_always = true; }
 bool GenerateAlways() const { return generate_always; }
+ uint64_t CallCount() const { return call_count; }
+
 private:
 void NewEvent(zeek::Args* vl); // Raise new_event() meta event.
@@ -62,6 +64,7 @@ private:
 bool enabled;
 bool error_handler; // this handler reports error messages.
 bool generate_always;
+ uint64_t call_count = 0;
 std::unordered_set auto_publish;
 };
diff --git a/src/stats.bif b/src/stats.bif
index ba5b94efae..d7131da482 100644
--- a/src/stats.bif
+++ b/src/stats.bif
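Review bot: In `EventHandler::Call()` the `call_count++` sits ahead of the `new_event` branch and everything else the function does, so it counts dispatches rather than handler bodies that actually ran. The rest of `Call()` is outside this hunk; if it can return early (for example when there is no local function, or the `enabled` flag declared in the header is false), those calls are still counted and will show up in the stats. If that is the intent, say so at the increment, e.g. `// Counts every dispatch, even if no script-level body ends up running.`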
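Review bot: The new `CallCount()` accessor in EventHandler.h and the `call_count` member behind it have no comment describing what is counted or over what lifetime. A one-liner such as `// Number of times Call() has been invoked on this handler since it was created.` above the accessor would do. The header's include list is outside both hunks, so it is also worth confirming that `<cstdint>` is included directly rather than `uint64_t` arriving through a transitive include.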
@@ -484,3 +484,28 @@ function get_reporter_stats%(%): ReporterStats
 return r;
 %}
+
+function get_event_handler_call_counts%(%): EventNameStats
+ %{
+ auto rval = zeek::make_intrusive(zeek::id::find_type("EventNameStats"));
+ const auto& recordType = zeek::id::find_type("EventNameCounter");
+
+ int i = 0;
+ const auto& events = event_registry->UsedHandlers();
+ for ( const auto& name : events )
+ {
+ auto handler = event_registry->Lookup(name);
+ auto call_count = handler->CallCount();
+
+ if ( call_count > 0 )
+ {
+ auto eventStatRecord = zeek::make_intrusive(recordType);
+ eventStatRecord->Assign(0, zeek::make_intrusive(name));
+ eventStatRecord->Assign(1, zeek::val_mgr->Count(handler->CallCount()));
+ rval->Assign(i, std::move(eventStatRecord));
+ i++;
+ }
+ }
+
+ return rval;
+ %}
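Review bot: The pointer returned by `event_registry->Lookup(name)` is dereferenced on the very next line without a null check. The names come from `UsedHandlers()`, so a miss is presumably impossible, but `if ( ! handler ) continue;` would keep a registry inconsistency from crashing the monitoring process. Inside the `if`, the second `handler->CallCount()` can reuse the local, `zeek::val_mgr->Count(call_count)`, and the manual `int i` index can go if `rval->Append(std::move(eventStatRecord));` replaces `Assign(i, ...)`. The diffstat lists only three files and none is a script, so please confirm that the `EventNameStats` and `EventNameCounter` types passed to `find_type` are declared elsewhere; otherwise those lookups will fail.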