diff --git a/scripts/base/frameworks/sumstats/plugins/last.bro b/scripts/base/frameworks/sumstats/plugins/last.bro index 58baa85b98..1c70db372c 100644 --- a/scripts/base/frameworks/sumstats/plugins/last.bro +++ b/scripts/base/frameworks/sumstats/plugins/last.bro @@ -5,7 +5,7 @@ module SumStats; export { redef enum Calculation += { - ## Keep last X observations in Queue + ## Keep last X observations in a queue LAST }; @@ -16,15 +16,15 @@ export { redef record ResultVal += { ## This is the queue where elements are maintained. Use the - ## :bro:see:`SumStats::get_elements` function to get a vector of the samples. + ## :bro:see:`SumStats::get_elements` function to get a vector of the current element values. last_elements: Queue::Queue &optional; }; ## Get a vector of element values from a ResultVal. - global get_elements: function(rv: ResultVal): vector of Observation; + global get_last_elements: function(rv: ResultVal): vector of Observation; } -function get_elements(rv: ResultVal): vector of Observation +function get_last_elements(rv: ResultVal): vector of Observation { local s: vector of Observation = vector(); if ( rv?$last_elements ) diff --git a/scripts/base/frameworks/sumstats/plugins/sample.bro b/scripts/base/frameworks/sumstats/plugins/sample.bro index 12394fa0e9..328067c939 100644 --- a/scripts/base/frameworks/sumstats/plugins/sample.bro +++ b/scripts/base/frameworks/sumstats/plugins/sample.bro @@ -15,7 +15,7 @@ export { redef record ResultVal += { ## This is the vector in which the samples are maintained. - sample_vector: vector of Observation &default=vector(); + samples: vector of Observation &default=vector(); ## Number of total observed elements. sample_elements: count &default=0; 
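Review bot: In the second hunk of last.bro the doc comment on `last_elements` still cross-references SumStats::get_elements, but the same hunk renames the exported function to `get_last_elements`, so the reference no longer resolves. The comment line should read `## :bro:see:`SumStats::get_last_elements` function to get a vector of the current element values.` Because an exported name changes, any script that still calls `SumStats::get_elements` would fail to load; no caller is visible in this diff, so check for them before merging. The body of get_last_elements continues outside the hunk.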
@@ -39,13 +39,13 @@ function sample_add_sample(obs:Observation, rv: ResultVal) { ++rv$sample_elements; - if ( |rv$sample_vector| < rv$num_samples ) - rv$sample_vector[|rv$sample_vector|] = obs; + if ( |rv$samples| < rv$num_samples ) + rv$samples[|rv$samples|] = obs; else { local ra = rand(rv$sample_elements); if ( ra < rv$num_samples ) - rv$sample_vector[ra] = obs; + rv$samples[ra] = obs; } } @@ -69,26 +69,26 @@ hook compose_resultvals_hook(result: ResultVal, rv1: ResultVal, rv2: ResultVal) local num_samples = rv1$num_samples; result$num_samples = num_samples; - if ( |rv1$sample_vector| > num_samples || |rv2$sample_vector| > num_samples ) + if ( |rv1$samples| > num_samples || |rv2$samples| > num_samples ) { Reporter::error("Sample vector with too many elements. Aborting."); return; } - if ( |rv1$sample_vector| != num_samples && |rv2$sample_vector| < num_samples ) + if ( |rv1$samples| != num_samples && |rv2$samples| < num_samples ) { - if ( |rv1$sample_vector| != rv1$sample_elements || |rv2$sample_vector| < rv2$sample_elements ) + if ( |rv1$samples| != rv1$sample_elements || |rv2$samples| < rv2$sample_elements ) { Reporter::error("Mismatch in sample element size and tracking. Aborting merge"); return; } - for ( i in rv1$sample_vector ) - sample_add_sample(rv1$sample_vector[i], result); + for ( i in rv1$samples ) + sample_add_sample(rv1$samples[i], result); - for ( i in rv2$sample_vector) - sample_add_sample(rv2$sample_vector[i], result); + for ( i in rv2$samples) + sample_add_sample(rv2$samples[i], result); } else { 
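Review bot: The two size checks in compose_resultvals_hook (hunk @@ -69,26 in sample.bro) mix `!=` for rv1 with `<` for rv2, which reads as if the two sides were meant to be treated differently. The guard just above rejects vectors longer than num_samples, so the operators appear to be equivalent here, and writing both the same way makes the intent ("neither side is full") clear: `if ( |rv1$samples| < num_samples && |rv2$samples| < num_samples )`. The inner check has the same asymmetry and could use `!=` on both sides. The hook body starts before and continues after this hunk.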
@@ -96,14 +96,14 @@ hook compose_resultvals_hook(result: ResultVal, rv1: ResultVal, rv2: ResultVal) local othercount: count; if ( rv1$sample_elements > rv2$sample_elements ) { - result$sample_vector = copy(rv1$sample_vector); - other_vector = rv2$sample_vector; + result$samples = copy(rv1$samples); + other_vector = rv2$samples; othercount = rv2$sample_elements; } else { - result$sample_vector = copy(rv2$sample_vector); - other_vector = rv1$sample_vector; + result$samples = copy(rv2$samples); + other_vector = rv1$samples; othercount = rv1$sample_elements; } @@ -112,7 +112,7 @@ hook compose_resultvals_hook(result: ResultVal, rv1: ResultVal, rv2: ResultVal) for ( i in other_vector ) { if ( rand(totalcount) <= othercount ) - result$sample_vector[i] = other_vector[i]; + result$samples[i] = other_vector[i]; } } } diff --git a/scripts/policy/protocols/http/detect-sqli.bro b/scripts/policy/protocols/http/detect-sqli.bro index 40d3805b92..8671bbd165 100644 --- a/scripts/policy/protocols/http/detect-sqli.bro +++ b/scripts/policy/protocols/http/detect-sqli.bro @@ -76,7 +76,7 @@ event bro_init() &priority=3 local r = result["http.sqli.attacker"]; NOTICE([$note=SQL_Injection_Attacker, $msg="An SQL injection attacker was discovered!", - $email_body_sections=vector(format_sqli_samples(r$sample_vector)), + $email_body_sections=vector(format_sqli_samples(r$samples)), $src=key$host, $identifier=cat(key$host)]); }]); @@ -94,7 +94,7 @@ event bro_init() &priority=3 local r = result["http.sqli.victim"]; NOTICE([$note=SQL_Injection_Victim, $msg="An SQL injection victim was discovered!", - $email_body_sections=vector(format_sqli_samples(r$sample_vector)), + $email_body_sections=vector(format_sqli_samples(r$samples)), $src=key$host, $identifier=cat(key$host)]); }]); diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.bro b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.bro index c83cf7028e..458bef01de 100644 
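Review bot: The merge loop at the end of compose_resultvals_hook (hunk @@ -112,7 in sample.bro) replaces an element when `rand(totalcount) <= othercount`, and since rand(n) returns a value in [0, n) this fires with probability (othercount+1)/totalcount instead of othercount/totalcount. The comparison should be `if ( rand(totalcount) < othercount )`. The bias is small for large counts, but with few observations it skews the merged sample toward the side that saw fewer elements. These samples are what detect-sqli.bro places in its notice e-mail sections. totalcount is assigned outside the hunk, presumably as the sum of both sample_elements values, so confirm that against the full file.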
--- a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.bro @@ -31,7 +31,7 @@ event bro_init() &priority=5 { print key$host; local r = rt[key]["test"]; - print r$sample_vector; + print r$samples; print r$sample_elements; } diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample.bro b/testing/btest/scripts/base/frameworks/sumstats/sample.bro index e0cef0ec10..04d7b4f256 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/sample.bro +++ b/testing/btest/scripts/base/frameworks/sumstats/sample.bro @@ -13,7 +13,7 @@ event bro_init() &priority=5 { print key$host; local r = data[key]["test.metric"]; - print r$sample_vector; + print r$samples; print r$sample_elements; } }