Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 13:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Some scripts for collecting connection stats and "app" stats.

Browse source 
- App stats are considered stats for applications on the internet.
  Services like facebook, youtube, etc.
This commit is contained in:
Seth Hall 2012-03-28 15:52:20 -04:00
parent 47f58e6340
commit df6a180023
2 changed files with 96 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

21
scripts/policy/protocols/conn/metrics.bro Normal file
View file

@ -0,0 +1,21 @@
@load base/frameworks/metrics
event bro_init() &priority=3
{
Metrics::add_filter("conns.country", [$break_interval=1hr]);
Metrics::add_filter("hosts.active", [$break_interval=1hr]);
}
event connection_established(c: connection) &priority=3
{
if ( Site::is_local_addr(c$id$orig_h) )
{
local loc = lookup_location(c$id$resp_h);
if ( loc?$country_code )
Metrics::add_data("conns.country", [$str=loc$country_code], 1);
}
local the_host = Site::is_local_addr(c$id$orig_h) ? c$id$orig_h : c$id$resp_h;
# There is no index for this.
Metrics::add_unique("hosts.active", [], cat(the_host));
}