:tocdepth: 3 policy/misc/stats.zeek ====================== .. zeek:namespace:: Stats Log memory/packet/lag statistics. :Namespace: Stats :Imports: :doc:`base/frameworks/notice `, :doc:`base/frameworks/telemetry `, :doc:`base/utils/time.zeek ` Summary ~~~~~~~ Runtime Options ############### ============================================================================ ============================= :zeek:id:`Stats::report_interval`: :zeek:type:`interval` :zeek:attr:`&redef` How often stats are reported. ============================================================================ ============================= Types ##### ============================================= = :zeek:type:`Stats::Info`: :zeek:type:`record` ============================================= = Redefinitions ############# ======================================= ========================= :zeek:type:`Log::ID`: :zeek:type:`enum` * :zeek:enum:`Stats::LOG` ======================================= ========================= Events ###### =============================================== =============================================================== :zeek:id:`Stats::log_stats`: :zeek:type:`event` Event to catch stats as they are written to the logging stream. =============================================== =============================================================== Hooks ##### ========================================================== = :zeek:id:`Stats::log_policy`: :zeek:type:`Log::PolicyHook` ========================================================== = Detailed Interface ~~~~~~~~~~~~~~~~~~ Runtime Options ############### .. zeek:id:: Stats::report_interval :source-code: policy/misc/stats.zeek 15 15 :Type: :zeek:type:`interval` :Attributes: :zeek:attr:`&redef` :Default: ``5.0 mins`` How often stats are reported. Types ##### .. zeek:type:: Stats::Info :source-code: policy/misc/stats.zeek 17 86 :Type: :zeek:type:`record` .. zeek:field:: ts :zeek:type:`time` :zeek:attr:`&log` Timestamp for the measurement. .. zeek:field:: peer :zeek:type:`string` :zeek:attr:`&log` Peer that generated this log. Mostly for clusters. .. zeek:field:: mem :zeek:type:`count` :zeek:attr:`&log` Amount of memory currently in use in MB. .. zeek:field:: pkts_proc :zeek:type:`count` :zeek:attr:`&log` Number of packets processed since the last stats interval. .. zeek:field:: bytes_recv :zeek:type:`count` :zeek:attr:`&log` Number of bytes received since the last stats interval if reading live traffic. .. zeek:field:: pkts_dropped :zeek:type:`count` :zeek:attr:`&log` :zeek:attr:`&optional` Number of packets dropped since the last stats interval if reading live traffic. .. zeek:field:: pkts_link :zeek:type:`count` :zeek:attr:`&log` :zeek:attr:`&optional` Number of packets seen on the link since the last stats interval if reading live traffic. .. zeek:field:: pkt_lag :zeek:type:`interval` :zeek:attr:`&log` :zeek:attr:`&optional` Lag between the wall clock and packet timestamps if reading live traffic. .. zeek:field:: pkts_filtered :zeek:type:`count` :zeek:attr:`&log` :zeek:attr:`&optional` Number of packets filtered from the link since the last stats interval if reading live traffic. .. zeek:field:: events_proc :zeek:type:`count` :zeek:attr:`&log` Number of events processed since the last stats interval. .. zeek:field:: events_queued :zeek:type:`count` :zeek:attr:`&log` Number of events that have been queued since the last stats interval. .. zeek:field:: active_tcp_conns :zeek:type:`count` :zeek:attr:`&log` TCP connections currently in memory. .. zeek:field:: active_udp_conns :zeek:type:`count` :zeek:attr:`&log` UDP connections currently in memory. .. zeek:field:: active_icmp_conns :zeek:type:`count` :zeek:attr:`&log` ICMP connections currently in memory. .. zeek:field:: tcp_conns :zeek:type:`count` :zeek:attr:`&log` TCP connections seen since last stats interval. .. zeek:field:: udp_conns :zeek:type:`count` :zeek:attr:`&log` UDP connections seen since last stats interval. .. zeek:field:: icmp_conns :zeek:type:`count` :zeek:attr:`&log` ICMP connections seen since last stats interval. .. zeek:field:: timers :zeek:type:`count` :zeek:attr:`&log` Number of timers scheduled since last stats interval. .. zeek:field:: active_timers :zeek:type:`count` :zeek:attr:`&log` Current number of scheduled timers. .. zeek:field:: files :zeek:type:`count` :zeek:attr:`&log` Number of files seen since last stats interval. .. zeek:field:: active_files :zeek:type:`count` :zeek:attr:`&log` Current number of files actively being seen. .. zeek:field:: dns_requests :zeek:type:`count` :zeek:attr:`&log` Number of DNS requests seen since last stats interval. .. zeek:field:: active_dns_requests :zeek:type:`count` :zeek:attr:`&log` Current number of DNS requests awaiting a reply. .. zeek:field:: reassem_tcp_size :zeek:type:`count` :zeek:attr:`&log` Current size of TCP data in reassembly. .. zeek:field:: reassem_file_size :zeek:type:`count` :zeek:attr:`&log` Current size of File data in reassembly. .. zeek:field:: reassem_frag_size :zeek:type:`count` :zeek:attr:`&log` Current size of packet fragment data in reassembly. .. zeek:field:: reassem_unknown_size :zeek:type:`count` :zeek:attr:`&log` Current size of unknown data in reassembly (this is only PIA buffer right now). Events ###### .. zeek:id:: Stats::log_stats :source-code: policy/misc/stats.zeek 89 89 :Type: :zeek:type:`event` (rec: :zeek:type:`Stats::Info`) Event to catch stats as they are written to the logging stream. Hooks ##### .. zeek:id:: Stats::log_policy :source-code: policy/misc/stats.zeek 12 12 :Type: :zeek:type:`Log::PolicyHook`