diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index fa9149c674..3d870da38f 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -530,8 +530,9 @@ type MatcherStats: record { }; type TimerStats: record { - num_timers: count; ##< Current number of pending timers. - max_timers: count; ##< Maximum number of concurrent timers pending so far. + current: count; ##< Current number of pending timers. + max: count; ##< Maximum number of concurrent timers pending so far. + cumulative: count; }; type FileAnalysisStats: record { diff --git a/scripts/policy/misc/stats.bro b/scripts/policy/misc/stats.bro index 877d32130b..a49d377bae 100644 --- a/scripts/policy/misc/stats.bro +++ b/scripts/policy/misc/stats.bro @@ -39,6 +39,16 @@ export { ## ICMP connections seen since last stats interval. icmp_conns: count &log; + ## Number of timers scheduled since last stats interval. + timers: count &log; + ## Current number of scheduled timers. + active_timers: count &log; + + ## Number of files seen since last stats interval. + files: count &log; + ## Current number of files actively being seen. + active_files: count &log; + ## Current size of TCP data in reassembly. reassem_tcp_size: count &log; ## Current size of File data in reassembly. @@ -74,14 +84,16 @@ event bro_init() &priority=5 Log::create_stream(Stats::LOG, [$columns=Info, $ev=log_stats, $path="stats"]); } -event check_stats(last_ts: time, last_ns: NetStats, last_cs: ConnStats, last_ps: ProcStats, last_es: EventStats, last_rs: ReassemblerStats) +event check_stats(then: time, last_ns: NetStats, last_cs: ConnStats, last_ps: ProcStats, last_es: EventStats, last_rs: ReassemblerStats, last_ts: TimerStats, last_fs: FileAnalysisStats) { - local now = current_time(); + local now = network_time(); local ns = get_net_stats(); local cs = get_conn_stats(); local ps = get_proc_stats(); local es = get_event_stats(); local rs = get_reassembler_stats(); + local ts = get_timer_stats(); + local fs = get_file_analysis_stats(); if ( bro_is_terminating() ) # No more stats will be written or scheduled when Bro is @@ -90,7 +102,7 @@ event check_stats(last_ts: time, last_ns: NetStats, last_cs: ConnStats, last_ps: local info: Info = [$ts=now, $peer=peer_description, - $mem=ps$mem/1000000, + $mem=ps$mem/1048576, $pkts_proc=ns$pkts_recvd - last_ns$pkts_recvd, $active_tcp_conns=cs$num_tcp_conns, @@ -106,11 +118,17 @@ event check_stats(last_ts: time, last_ns: NetStats, last_cs: ConnStats, last_ps: $reassem_unknown_size=rs$unknown_size, $events_proc=es$num_events_dispatched - last_es$num_events_dispatched, - $events_queued=es$num_events_queued - last_es$num_events_queued + $events_queued=es$num_events_queued - last_es$num_events_queued, + + $timers=ts$cumulative - last_ts$cumulative, + $active_timers=ts$current, + + $files=fs$cumulative - last_fs$cumulative, + $active_files=fs$current ]; # Someone's going to have to explain what this is and add a field to the Info record. - # info$util = 100.0*((ps$user_time + ps$system_time) - (last_ps$user_time + last_ps$system_time))/(now-last_ts); + # info$util = 100.0*((ps$user_time + ps$system_time) - (last_ps$user_time + last_ps$system_time))/(now-then); if ( reading_live_traffic() ) { @@ -122,10 +140,10 @@ event check_stats(last_ts: time, last_ns: NetStats, last_cs: ConnStats, last_ps: } Log::write(Stats::LOG, info); - schedule stats_report_interval { check_stats(now, ns, cs, ps, es, rs) }; + schedule stats_report_interval { check_stats(now, ns, cs, ps, es, rs, ts, fs) }; } event bro_init() { - schedule stats_report_interval { check_stats(current_time(), get_net_stats(), get_conn_stats(), get_proc_stats(), get_event_stats(), get_reassembler_stats()) }; + schedule stats_report_interval { check_stats(network_time(), get_net_stats(), get_conn_stats(), get_proc_stats(), get_event_stats(), get_reassembler_stats(), get_timer_stats(), get_file_analysis_stats()) }; } diff --git a/src/PriorityQueue.cc b/src/PriorityQueue.cc index 75b731142e..4f969c4830 100644 --- a/src/PriorityQueue.cc +++ b/src/PriorityQueue.cc @@ -13,7 +13,7 @@ PriorityQueue::PriorityQueue(int initial_size) { max_heap_size = initial_size; heap = new PQ_Element*[max_heap_size]; - peak_heap_size = heap_size = 0; + peak_heap_size = heap_size = cumulative_num = 0; } PriorityQueue::~PriorityQueue() @@ -62,6 +62,7 @@ int PriorityQueue::Add(PQ_Element* e) BubbleUp(heap_size); + ++cumulative_num; if ( ++heap_size > peak_heap_size ) peak_heap_size = heap_size; diff --git a/src/PriorityQueue.h b/src/PriorityQueue.h index 87e10aa7ac..bb1caad592 100644 --- a/src/PriorityQueue.h +++ b/src/PriorityQueue.h @@ -4,6 +4,7 @@ #define __PriorityQueue__ #include +#include "util.h" class PriorityQueue; @@ -53,6 +54,7 @@ public: int Size() const { return heap_size; } int PeakSize() const { return peak_heap_size; } + uint64 CumulativeNum() const { return cumulative_num; } protected: int Resize(int new_size); @@ -92,6 +94,7 @@ protected: int heap_size; int peak_heap_size; int max_heap_size; + uint64 cumulative_num; }; #endif diff --git a/src/Timer.h b/src/Timer.h index 615c8bf69a..12d849cac2 100644 --- a/src/Timer.h +++ b/src/Timer.h @@ -109,6 +109,7 @@ public: virtual int Size() const = 0; virtual int PeakSize() const = 0; + virtual uint64 CumulativeNum() const = 0; double LastTimestamp() const { return last_timestamp; } // Returns time of last advance in global network time. @@ -148,6 +149,7 @@ public: int Size() const { return q->Size(); } int PeakSize() const { return q->PeakSize(); } + uint64 CumulativeNum() const { return q->CumulativeNum(); } unsigned int MemoryUsage() const; protected: @@ -170,6 +172,7 @@ public: int Size() const { return cq_size(cq); } int PeakSize() const { return cq_max_size(cq); } + uint64 CumulativeNum() const { return cq_cumulative_num(cq); } unsigned int MemoryUsage() const; protected: diff --git a/src/cq.c b/src/cq.c index 8005544400..16153f0a39 100644 --- a/src/cq.c +++ b/src/cq.c @@ -42,6 +42,7 @@ struct cq_handle { int lowmark; /* low bucket threshold */ int nextbucket; /* next bucket to check */ int noresize; /* don't resize while we're resizing */ + uint64_t cumulative_num; /* cumulative entries ever enqueued */ double lastpri; /* last priority */ double ysize; /* length of a year */ double bwidth; /* width of each bucket */ @@ -175,6 +176,7 @@ cq_enqueue(register struct cq_handle *hp, register double pri, } bp->pri = pri; bp->cookie = cookie; + ++hp->cumulative_num; if (++hp->qlen > hp->max_qlen) hp->max_qlen = hp->qlen; #ifdef DEBUG @@ -414,6 +416,13 @@ cq_max_size(struct cq_handle *hp) return hp->max_qlen; } +uint64_t +cq_cumulative_num(struct cq_handle *hp) +{ + return hp->cumulative_num; +} + + /* Return without doing anything if we fail to allocate a new bucket array */ static int cq_resize(register struct cq_handle *hp, register int grow) diff --git a/src/cq.h b/src/cq.h index 540cccde74..c79eefc790 100644 --- a/src/cq.h +++ b/src/cq.h @@ -5,6 +5,7 @@ void *cq_dequeue(struct cq_handle *, double); void *cq_remove(struct cq_handle *, double, void *); int cq_size(struct cq_handle *); int cq_max_size(struct cq_handle *); +uint64_t cq_cumulative_num(struct cq_handle *); unsigned int cq_memory_allocation(void); #ifdef DEBUG void cq_debug(struct cq_handle *, int); diff --git a/src/stats.bif b/src/stats.bif index d7e812df93..3a975145b6 100644 --- a/src/stats.bif +++ b/src/stats.bif @@ -214,6 +214,7 @@ function get_timer_stats%(%): TimerStats r->Assign(n++, new Val(unsigned(timer_mgr->Size()), TYPE_COUNT)); r->Assign(n++, new Val(unsigned(timer_mgr->PeakSize()), TYPE_COUNT)); + r->Assign(n++, new Val(timer_mgr->CumulativeNum(), TYPE_COUNT)); return r; %}