More stats collection extensions.

2025-10-04 15:48:19 +00:00 · 2016-01-08 17:03:16 -05:00 · 2016-01-08 17:03:16 -05:00 · 3c71d4ffa8
commit 3c71d4ffa8
parent 6d836b7956
8 changed files with 47 additions and 10 deletions
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@ -530,8 +530,9 @@ type MatcherStats: record {
 };

 type TimerStats: record {
-	num_timers: count; ##< Current number of pending timers.
-	max_timers: count; ##< Maximum number of concurrent timers pending so far.
+	current:    count; ##< Current number of pending timers.
+	max:        count; ##< Maximum number of concurrent timers pending so far.
+	cumulative: count;
 };

 type FileAnalysisStats: record {
--- a/scripts/policy/misc/stats.bro
+++ b/scripts/policy/misc/stats.bro
@ -39,6 +39,16 @@ export {
 		## ICMP connections seen since last stats interval.
 		icmp_conns:        count &log;

+		## Number of timers scheduled since last stats interval.
+		timers: count &log;
+		## Current number of scheduled timers.
+		active_timers: count &log;
+
+		## Number of files seen since last stats interval.
+		files: count &log;
+		## Current number of files actively being seen.
+		active_files: count &log;
+
 		## Current size of TCP data in reassembly.
 		reassem_tcp_size: count &log;
 		## Current size of File data in reassembly.
@ -74,14 +84,16 @@ event bro_init() &priority=5
 	Log::create_stream(Stats::LOG, [$columns=Info, $ev=log_stats, $path="stats"]);
 	}

-event check_stats(last_ts: time, last_ns: NetStats, last_cs: ConnStats, last_ps: ProcStats, last_es: EventStats, last_rs: ReassemblerStats)
+event check_stats(then: time, last_ns: NetStats, last_cs: ConnStats, last_ps: ProcStats, last_es: EventStats, last_rs: ReassemblerStats, last_ts: TimerStats, last_fs: FileAnalysisStats)
 	{
-	local now = current_time();
+	local now = network_time();
 	local ns = get_net_stats();
 	local cs = get_conn_stats();
 	local ps = get_proc_stats();
 	local es = get_event_stats();
 	local rs = get_reassembler_stats();
+	local ts = get_timer_stats();
+	local fs = get_file_analysis_stats();

 	if ( bro_is_terminating() )
 		# No more stats will be written or scheduled when Bro is
@ -90,7 +102,7 @@ event check_stats(last_ts: time, last_ns: NetStats, last_cs: ConnStats, last_ps:

 	local info: Info = [$ts=now, 
 	                    $peer=peer_description,
-	                    $mem=ps$mem/1000000,
+	                    $mem=ps$mem/1048576,
 	                    $pkts_proc=ns$pkts_recvd - last_ns$pkts_recvd,

 	                    $active_tcp_conns=cs$num_tcp_conns,
@ -106,11 +118,17 @@ event check_stats(last_ts: time, last_ns: NetStats, last_cs: ConnStats, last_ps:
 	                    $reassem_unknown_size=rs$unknown_size,

 	                    $events_proc=es$num_events_dispatched - last_es$num_events_dispatched,
-	                    $events_queued=es$num_events_queued - last_es$num_events_queued
+	                    $events_queued=es$num_events_queued - last_es$num_events_queued,
+
+	                    $timers=ts$cumulative - last_ts$cumulative,
+	                    $active_timers=ts$current,
+
+	                    $files=fs$cumulative - last_fs$cumulative,
+	                    $active_files=fs$current
 	                    ];

 	# Someone's going to have to explain what this is and add a field to the Info record.
-	# info$util = 100.0*((ps$user_time + ps$system_time) - (last_ps$user_time + last_ps$system_time))/(now-last_ts);
+	# info$util = 100.0*((ps$user_time + ps$system_time) - (last_ps$user_time + last_ps$system_time))/(now-then);

 	if ( reading_live_traffic() )
 		{
@ -122,10 +140,10 @@ event check_stats(last_ts: time, last_ns: NetStats, last_cs: ConnStats, last_ps:
 		}

 	Log::write(Stats::LOG, info);
-	schedule stats_report_interval { check_stats(now, ns, cs, ps, es, rs) };
+	schedule stats_report_interval { check_stats(now, ns, cs, ps, es, rs, ts, fs) };
 	}

 event bro_init()
 	{
-	schedule stats_report_interval { check_stats(current_time(), get_net_stats(), get_conn_stats(), get_proc_stats(), get_event_stats(), get_reassembler_stats()) };
+	schedule stats_report_interval { check_stats(network_time(), get_net_stats(), get_conn_stats(), get_proc_stats(), get_event_stats(), get_reassembler_stats(), get_timer_stats(), get_file_analysis_stats()) };
 	}
--- a/src/PriorityQueue.cc
+++ b/src/PriorityQueue.cc
@ -13,7 +13,7 @@ PriorityQueue::PriorityQueue(int initial_size)
 	{
 	max_heap_size = initial_size;
 	heap = new PQ_Element*[max_heap_size];
-	peak_heap_size = heap_size = 0;
+	peak_heap_size = heap_size = cumulative_num = 0;
 	}

 PriorityQueue::~PriorityQueue()
@ -62,6 +62,7 @@ int PriorityQueue::Add(PQ_Element* e)

 	BubbleUp(heap_size);

+	++cumulative_num;
 	if ( ++heap_size > peak_heap_size )
 		peak_heap_size = heap_size;

--- a/src/PriorityQueue.h
+++ b/src/PriorityQueue.h
@ -4,6 +4,7 @@
 #define __PriorityQueue__

 #include <math.h>
+#include "util.h"

 class PriorityQueue;

@ -53,6 +54,7 @@ public:

 	int Size() const	{ return heap_size; }
 	int PeakSize() const	{ return peak_heap_size; }
+	uint64 CumulativeNum() const { return cumulative_num; }

 protected:
 	int Resize(int new_size);
@ -92,6 +94,7 @@ protected:
 	int heap_size;
 	int peak_heap_size;
 	int max_heap_size;
+	uint64 cumulative_num;
 };

 #endif
--- a/src/Timer.h
+++ b/src/Timer.h
@ -109,6 +109,7 @@ public:

 	virtual int Size() const = 0;
 	virtual int PeakSize() const = 0;
+	virtual uint64 CumulativeNum() const = 0;

 	double LastTimestamp() const	{ return last_timestamp; }
 	// Returns time of last advance in global network time.
@ -148,6 +149,7 @@ public:

 	int Size() const	{ return q->Size(); }
 	int PeakSize() const	{ return q->PeakSize(); }
+	uint64 CumulativeNum() const	{ return q->CumulativeNum(); }
 	unsigned int MemoryUsage() const;

 protected:
@ -170,6 +172,7 @@ public:

 	int Size() const	{ return cq_size(cq); }
 	int PeakSize() const	{ return cq_max_size(cq); }
+	uint64 CumulativeNum() const	{ return cq_cumulative_num(cq); }
 	unsigned int MemoryUsage() const;

 protected:
--- a/src/cq.c
+++ b/src/cq.c
@ -42,6 +42,7 @@ struct cq_handle {
 	int lowmark;			/* low bucket threshold */
 	int nextbucket;			/* next bucket to check */
 	int noresize;			/* don't resize while we're resizing */
+	uint64_t cumulative_num;	/* cumulative entries ever enqueued */
 	double lastpri;			/* last priority */
 	double ysize;			/* length of a year */
 	double bwidth;			/* width of each bucket */
@ -175,6 +176,7 @@ cq_enqueue(register struct cq_handle *hp, register double pri,
 	}
 	bp->pri = pri;
 	bp->cookie = cookie;
+	++hp->cumulative_num;
 	if (++hp->qlen > hp->max_qlen)
 		hp->max_qlen = hp->qlen;
 #ifdef DEBUG
@ -414,6 +416,13 @@ cq_max_size(struct cq_handle *hp)
 	return hp->max_qlen;
 }

+uint64_t
+cq_cumulative_num(struct cq_handle *hp)
+{
+	return hp->cumulative_num;
+}
+
+
 /* Return without doing anything if we fail to allocate a new bucket array */
 static int
 cq_resize(register struct cq_handle *hp, register int grow)
--- a/src/cq.h
+++ b/src/cq.h
@ -5,6 +5,7 @@ void *cq_dequeue(struct cq_handle *, double);
 void *cq_remove(struct cq_handle *, double, void *);
 int cq_size(struct cq_handle *);
 int cq_max_size(struct cq_handle *);
+uint64_t cq_cumulative_num(struct cq_handle *);
 unsigned int cq_memory_allocation(void);
 #ifdef DEBUG
 void cq_debug(struct cq_handle *, int);
--- a/src/stats.bif
+++ b/src/stats.bif
@ -214,6 +214,7 @@ function get_timer_stats%(%): TimerStats

 	r->Assign(n++, new Val(unsigned(timer_mgr->Size()), TYPE_COUNT));
 	r->Assign(n++, new Val(unsigned(timer_mgr->PeakSize()), TYPE_COUNT));
+	r->Assign(n++, new Val(timer_mgr->CumulativeNum(), TYPE_COUNT));

 	return r;
 	%}