change names of data structures after talking with seth
parent
b0c4dcdfed
commit
80962ad74b
5 changed files with 24 additions and 24 deletions
|
@ -5,7 +5,7 @@ module SumStats;
|
||||||
|
|
||||||
export {
|
export {
|
||||||
redef enum Calculation += {
|
redef enum Calculation += {
|
||||||
## Keep last X observations in Queue
|
## Keep last X observations in a queue
|
||||||
LAST
|
LAST
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -16,15 +16,15 @@ export {
|
||||||
|
|
||||||
redef record ResultVal += {
|
redef record ResultVal += {
|
||||||
## This is the queue where elements are maintained. Use the
|
## This is the queue where elements are maintained. Use the
|
||||||
## :bro:see:`SumStats::get_elements` function to get a vector of the samples.
|
## :bro:see:`SumStats::get_elements` function to get a vector of the current element values.
|
||||||
last_elements: Queue::Queue &optional;
|
last_elements: Queue::Queue &optional;
|
||||||
};
|
};
|
||||||
|
|
||||||
## Get a vector of element values from a ResultVal.
|
## Get a vector of element values from a ResultVal.
|
||||||
global get_elements: function(rv: ResultVal): vector of Observation;
|
global get_last_elements: function(rv: ResultVal): vector of Observation;
|
||||||
}
|
}
|
||||||
|
|
||||||
function get_elements(rv: ResultVal): vector of Observation
|
function get_last_elements(rv: ResultVal): vector of Observation
|
||||||
{
|
{
|
||||||
local s: vector of Observation = vector();
|
local s: vector of Observation = vector();
|
||||||
if ( rv?$last_elements )
|
if ( rv?$last_elements )
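Review bot: The doc comment on `last_elements` still points at `SumStats::get_elements`, but this section renames that function to `get_last_elements` in both the export declaration and the definition, so the `:bro:see:` cross-reference becomes stale. The reference should name `SumStats::get_last_elements`. Any script outside this page that still calls the old name would presumably fail to load, so it is worth searching the tree for remaining uses. The body of `get_last_elements` continues outside the hunk.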
|
||||||
|
|
|
@ -15,7 +15,7 @@ export {
|
||||||
|
|
||||||
redef record ResultVal += {
|
redef record ResultVal += {
|
||||||
## This is the vector in which the samples are maintained.
|
## This is the vector in which the samples are maintained.
|
||||||
sample_vector: vector of Observation &default=vector();
|
samples: vector of Observation &default=vector();
|
||||||
|
|
||||||
## Number of total observed elements.
|
## Number of total observed elements.
|
||||||
sample_elements: count &default=0;
|
sample_elements: count &default=0;
|
||||||
|
@ -39,13 +39,13 @@ function sample_add_sample(obs:Observation, rv: ResultVal)
|
||||||
{
|
{
|
||||||
++rv$sample_elements;
|
++rv$sample_elements;
|
||||||
|
|
||||||
if ( |rv$sample_vector| < rv$num_samples )
|
if ( |rv$samples| < rv$num_samples )
|
||||||
rv$sample_vector[|rv$sample_vector|] = obs;
|
rv$samples[|rv$samples|] = obs;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
local ra = rand(rv$sample_elements);
|
local ra = rand(rv$sample_elements);
|
||||||
if ( ra < rv$num_samples )
|
if ( ra < rv$num_samples )
|
||||||
rv$sample_vector[ra] = obs;
|
rv$samples[ra] = obs;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -69,26 +69,26 @@ hook compose_resultvals_hook(result: ResultVal, rv1: ResultVal, rv2: ResultVal)
|
||||||
local num_samples = rv1$num_samples;
|
local num_samples = rv1$num_samples;
|
||||||
result$num_samples = num_samples;
|
result$num_samples = num_samples;
|
||||||
|
|
||||||
if ( |rv1$sample_vector| > num_samples || |rv2$sample_vector| > num_samples )
|
if ( |rv1$samples| > num_samples || |rv2$samples| > num_samples )
|
||||||
{
|
{
|
||||||
Reporter::error("Sample vector with too many elements. Aborting.");
|
Reporter::error("Sample vector with too many elements. Aborting.");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if ( |rv1$sample_vector| != num_samples && |rv2$sample_vector| < num_samples )
|
if ( |rv1$samples| != num_samples && |rv2$samples| < num_samples )
|
||||||
{
|
{
|
||||||
if ( |rv1$sample_vector| != rv1$sample_elements || |rv2$sample_vector| < rv2$sample_elements )
|
if ( |rv1$samples| != rv1$sample_elements || |rv2$samples| < rv2$sample_elements )
|
||||||
{
|
{
|
||||||
Reporter::error("Mismatch in sample element size and tracking. Aborting merge");
|
Reporter::error("Mismatch in sample element size and tracking. Aborting merge");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
for ( i in rv1$sample_vector )
|
for ( i in rv1$samples )
|
||||||
sample_add_sample(rv1$sample_vector[i], result);
|
sample_add_sample(rv1$samples[i], result);
|
||||||
|
|
||||||
for ( i in rv2$sample_vector)
|
for ( i in rv2$samples)
|
||||||
sample_add_sample(rv2$sample_vector[i], result);
|
sample_add_sample(rv2$samples[i], result);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -96,14 +96,14 @@ hook compose_resultvals_hook(result: ResultVal, rv1: ResultVal, rv2: ResultVal)
|
||||||
local othercount: count;
|
local othercount: count;
|
||||||
if ( rv1$sample_elements > rv2$sample_elements )
|
if ( rv1$sample_elements > rv2$sample_elements )
|
||||||
{
|
{
|
||||||
result$sample_vector = copy(rv1$sample_vector);
|
result$samples = copy(rv1$samples);
|
||||||
other_vector = rv2$sample_vector;
|
other_vector = rv2$samples;
|
||||||
othercount = rv2$sample_elements;
|
othercount = rv2$sample_elements;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
result$sample_vector = copy(rv2$sample_vector);
|
result$samples = copy(rv2$samples);
|
||||||
other_vector = rv1$sample_vector;
|
other_vector = rv1$samples;
|
||||||
othercount = rv1$sample_elements;
|
othercount = rv1$sample_elements;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -112,7 +112,7 @@ hook compose_resultvals_hook(result: ResultVal, rv1: ResultVal, rv2: ResultVal)
|
||||||
for ( i in other_vector )
|
for ( i in other_vector )
|
||||||
{
|
{
|
||||||
if ( rand(totalcount) <= othercount )
|
if ( rand(totalcount) <= othercount )
|
||||||
result$sample_vector[i] = other_vector[i];
|
result$samples[i] = other_vector[i];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
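Review bot: In the last hunk of `compose_resultvals_hook`, the merge test `if ( rand(totalcount) <= othercount )` looks off by one. `rand(n)` returns a value in [0, n), so `<=` picks the other side's sample with probability (othercount+1)/totalcount rather than othercount/totalcount; `if ( rand(totalcount) < othercount )` would give the intended weighting. `totalcount` is assigned outside the visible lines, so this assumes it is the sum of the two `sample_elements` counts. Separately, the rename leaves `sample_elements` and the "Sample vector with too many elements" message on the old naming, and `result$num_samples` is taken from `rv1` without checking that `rv2$num_samples` matches. These samples end up in the SQL injection notice e-mails, so the bias affects what an analyst sees as evidence.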
|
||||||
|
|
|
@ -76,7 +76,7 @@ event bro_init() &priority=3
|
||||||
local r = result["http.sqli.attacker"];
|
local r = result["http.sqli.attacker"];
|
||||||
NOTICE([$note=SQL_Injection_Attacker,
|
NOTICE([$note=SQL_Injection_Attacker,
|
||||||
$msg="An SQL injection attacker was discovered!",
|
$msg="An SQL injection attacker was discovered!",
|
||||||
$email_body_sections=vector(format_sqli_samples(r$sample_vector)),
|
$email_body_sections=vector(format_sqli_samples(r$samples)),
|
||||||
$src=key$host,
|
$src=key$host,
|
||||||
$identifier=cat(key$host)]);
|
$identifier=cat(key$host)]);
|
||||||
}]);
|
}]);
|
||||||
|
@ -94,7 +94,7 @@ event bro_init() &priority=3
|
||||||
local r = result["http.sqli.victim"];
|
local r = result["http.sqli.victim"];
|
||||||
NOTICE([$note=SQL_Injection_Victim,
|
NOTICE([$note=SQL_Injection_Victim,
|
||||||
$msg="An SQL injection victim was discovered!",
|
$msg="An SQL injection victim was discovered!",
|
||||||
$email_body_sections=vector(format_sqli_samples(r$sample_vector)),
|
$email_body_sections=vector(format_sqli_samples(r$samples)),
|
||||||
$src=key$host,
|
$src=key$host,
|
||||||
$identifier=cat(key$host)]);
|
$identifier=cat(key$host)]);
|
||||||
}]);
|
}]);
|
||||||
|
|
|
@ -31,7 +31,7 @@ event bro_init() &priority=5
|
||||||
{
|
{
|
||||||
print key$host;
|
print key$host;
|
||||||
local r = rt[key]["test"];
|
local r = rt[key]["test"];
|
||||||
print r$sample_vector;
|
print r$samples;
|
||||||
print r$sample_elements;
|
print r$sample_elements;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ event bro_init() &priority=5
|
||||||
{
|
{
|
||||||
print key$host;
|
print key$host;
|
||||||
local r = data[key]["test.metric"];
|
local r = data[key]["test.metric"];
|
||||||
print r$sample_vector;
|
print r$samples;
|
||||||
print r$sample_elements;
|
print r$sample_elements;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|