mirror of
https://github.com/zeek/zeek.git
synced 2025-10-08 01:28:20 +00:00
change names of data structures after talking with seth
This commit is contained in:
Bernhard Amann
parent
b0c4dcdfed
commit
80962ad74b
5 changed files with 24 additions and 24 deletions
|
|
@ -5,7 +5,7 @@ module SumStats;
|
|||
|
||||
export {
|
||||
redef enum Calculation += {
|
||||
## Keep last X observations in Queue
|
||||
## Keep last X observations in a queue
|
||||
LAST
|
||||
};
|
||||
|
||||
|
|
@ -16,15 +16,15 @@ export {
|
|||
|
||||
redef record ResultVal += {
|
||||
## This is the queue where elements are maintained. Use the
|
||||
## :bro:see:`SumStats::get_elements` function to get a vector of the samples.
|
||||
## :bro:see:`SumStats::get_elements` function to get a vector of the current element values.
|
||||
last_elements: Queue::Queue &optional;
|
||||
};
|
||||
|
||||
## Get a vector of element values from a ResultVal.
|
||||
global get_elements: function(rv: ResultVal): vector of Observation;
|
||||
global get_last_elements: function(rv: ResultVal): vector of Observation;
|
||||
}
|
||||
|
||||
function get_elements(rv: ResultVal): vector of Observation
|
||||
function get_last_elements(rv: ResultVal): vector of Observation
|
||||
{
|
||||
local s: vector of Observation = vector();
|
||||
if ( rv?$last_elements )
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ export {
|
|||
|
||||
redef record ResultVal += {
|
||||
## This is the vector in which the samples are maintained.
|
||||
sample_vector: vector of Observation &default=vector();
|
||||
samples: vector of Observation &default=vector();
|
||||
|
||||
## Number of total observed elements.
|
||||
sample_elements: count &default=0;
|
||||
|
|
@ -39,13 +39,13 @@ function sample_add_sample(obs:Observation, rv: ResultVal)
|
|||
{
|
||||
++rv$sample_elements;
|
||||
|
||||
if ( |rv$sample_vector| < rv$num_samples )
|
||||
rv$sample_vector[|rv$sample_vector|] = obs;
|
||||
if ( |rv$samples| < rv$num_samples )
|
||||
rv$samples[|rv$samples|] = obs;
|
||||
else
|
||||
{
|
||||
local ra = rand(rv$sample_elements);
|
||||
if ( ra < rv$num_samples )
|
||||
rv$sample_vector[ra] = obs;
|
||||
rv$samples[ra] = obs;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -69,26 +69,26 @@ hook compose_resultvals_hook(result: ResultVal, rv1: ResultVal, rv2: ResultVal)
|
|||
local num_samples = rv1$num_samples;
|
||||
result$num_samples = num_samples;
|
||||
|
||||
if ( |rv1$sample_vector| > num_samples || |rv2$sample_vector| > num_samples )
|
||||
if ( |rv1$samples| > num_samples || |rv2$samples| > num_samples )
|
||||
{
|
||||
Reporter::error("Sample vector with too many elements. Aborting.");
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
if ( |rv1$sample_vector| != num_samples && |rv2$sample_vector| < num_samples )
|
||||
if ( |rv1$samples| != num_samples && |rv2$samples| < num_samples )
|
||||
{
|
||||
if ( |rv1$sample_vector| != rv1$sample_elements || |rv2$sample_vector| < rv2$sample_elements )
|
||||
if ( |rv1$samples| != rv1$sample_elements || |rv2$samples| < rv2$sample_elements )
|
||||
{
|
||||
Reporter::error("Mismatch in sample element size and tracking. Aborting merge");
|
||||
return;
|
||||
}
|
||||
|
||||
for ( i in rv1$sample_vector )
|
||||
sample_add_sample(rv1$sample_vector[i], result);
|
||||
for ( i in rv1$samples )
|
||||
sample_add_sample(rv1$samples[i], result);
|
||||
|
||||
for ( i in rv2$sample_vector)
|
||||
sample_add_sample(rv2$sample_vector[i], result);
|
||||
for ( i in rv2$samples)
|
||||
sample_add_sample(rv2$samples[i], result);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -96,14 +96,14 @@ hook compose_resultvals_hook(result: ResultVal, rv1: ResultVal, rv2: ResultVal)
|
|||
local othercount: count;
|
||||
if ( rv1$sample_elements > rv2$sample_elements )
|
||||
{
|
||||
result$sample_vector = copy(rv1$sample_vector);
|
||||
other_vector = rv2$sample_vector;
|
||||
result$samples = copy(rv1$samples);
|
||||
other_vector = rv2$samples;
|
||||
othercount = rv2$sample_elements;
|
||||
}
|
||||
else
|
||||
{
|
||||
result$sample_vector = copy(rv2$sample_vector);
|
||||
other_vector = rv1$sample_vector;
|
||||
result$samples = copy(rv2$samples);
|
||||
other_vector = rv1$samples;
|
||||
othercount = rv1$sample_elements;
|
||||
}
|
||||
|
||||
|
|
@ -112,7 +112,7 @@ hook compose_resultvals_hook(result: ResultVal, rv1: ResultVal, rv2: ResultVal)
|
|||
for ( i in other_vector )
|
||||
{
|
||||
if ( rand(totalcount) <= othercount )
|
||||
result$sample_vector[i] = other_vector[i];
|
||||
result$samples[i] = other_vector[i];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ event bro_init() &priority=3
|
|||
local r = result["http.sqli.attacker"];
|
||||
NOTICE([$note=SQL_Injection_Attacker,
|
||||
$msg="An SQL injection attacker was discovered!",
|
||||
$email_body_sections=vector(format_sqli_samples(r$sample_vector)),
|
||||
$email_body_sections=vector(format_sqli_samples(r$samples)),
|
||||
$src=key$host,
|
||||
$identifier=cat(key$host)]);
|
||||
}]);
|
||||
|
|
@ -94,7 +94,7 @@ event bro_init() &priority=3
|
|||
local r = result["http.sqli.victim"];
|
||||
NOTICE([$note=SQL_Injection_Victim,
|
||||
$msg="An SQL injection victim was discovered!",
|
||||
$email_body_sections=vector(format_sqli_samples(r$sample_vector)),
|
||||
$email_body_sections=vector(format_sqli_samples(r$samples)),
|
||||
$src=key$host,
|
||||
$identifier=cat(key$host)]);
|
||||
}]);
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ event bro_init() &priority=5
|
|||
{
|
||||
print key$host;
|
||||
local r = rt[key]["test"];
|
||||
print r$sample_vector;
|
||||
print r$samples;
|
||||
print r$sample_elements;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ event bro_init() &priority=5
|
|||
{
|
||||
print key$host;
|
||||
local r = data[key]["test.metric"];
|
||||
print r$sample_vector;
|
||||
print r$samples;
|
||||
print r$sample_elements;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue