Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 00:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

API updates for metrics framework.

Browse source 
- Removed default logging.  Now a function is available for the new
  $period_finished filter field to get the same behavior for logging
  named Metrics::write_log.

- Added index rollups for getting multiple metrics result values
  as the same time.
This commit is contained in:
Seth Hall 2012-12-18 01:08:59 -05:00
parent 69030fdff3
commit 69b7ce12d2
17 changed files with 304 additions and 162 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/policy/protocols/conn/conn-stats-per-host.bro
View file

@ -6,10 +6,12 @@ event bro_init() &priority=5
{
Metrics::add_filter("conn.orig.data",
[$every=5mins,
$measure=set(Metrics::VARIANCE, Metrics::AVG, Metrics::MAX, Metrics::MIN, Metrics::STD_DEV)]);
$measure=set(Metrics::VARIANCE, Metrics::AVG, Metrics::MAX, Metrics::MIN, Metrics::STD_DEV),
$period_finished=Metrics::write_log]);
Metrics::add_filter("conn.resp.data",
[$every=5mins,
$measure=set(Metrics::VARIANCE, Metrics::AVG, Metrics::MAX, Metrics::MIN, Metrics::STD_DEV)]);
$measure=set(Metrics::VARIANCE, Metrics::AVG, Metrics::MAX, Metrics::MIN, Metrics::STD_DEV),
$period_finished=Metrics::write_log]);
}

6
scripts/policy/protocols/conn/metrics.bro
View file

@ -3,8 +3,10 @@
event bro_init() &priority=3
{
Metrics::add_filter("conns.country", [$every=1hr, $measure=set(Metrics::SUM)]);
Metrics::add_filter("hosts.active", [$every=1hr, $measure=set(Metrics::SUM)]);
Metrics::add_filter("conns.country", [$every=1hr, $measure=set(Metrics::SUM),
$period_finished=Metrics::write_log]);
Metrics::add_filter("hosts.active", [$every=1hr, $measure=set(Metrics::SUM),
$period_finished=Metrics::write_log]);
}
event connection_established(c: connection) &priority=3