zeek/doc/scripts/base/protocols/conn/thresholds.bro.rst
Jon Siwek 7e9d48f532 Remove broxygen Sphinx integration
The broxygen-generated files now live in the git repo, have tests
that check that they are up-to-date, and a script to re-generate
them on-demand.
2018-12-18 10:15:22 -06:00


:tocdepth: 3

base/protocols/conn/thresholds.bro
==================================
.. bro:namespace:: ConnThreshold

Implements a generic API to throw events when a connection crosses a
fixed threshold of bytes or packets.

:Namespace: ConnThreshold

Summary
~~~~~~~
Types
#####
========================================================= =
:bro:type:`ConnThreshold::Thresholds`: :bro:type:`record`
========================================================= =
Redefinitions
#############
========================================== =
:bro:type:`connection`: :bro:type:`record`
========================================== =
Events
######
===================================================================== ============================================================
:bro:id:`ConnThreshold::bytes_threshold_crossed`: :bro:type:`event`   Generated for a connection that crossed a set byte threshold
:bro:id:`ConnThreshold::packets_threshold_crossed`: :bro:type:`event` Generated for a connection that crossed a set packet threshold
===================================================================== ============================================================

Functions
#########
======================================================================= ===================================================================================================
:bro:id:`ConnThreshold::delete_bytes_threshold`: :bro:type:`function`   Deletes a byte threshold for connection sizes.
:bro:id:`ConnThreshold::delete_packets_threshold`: :bro:type:`function` Deletes a packet threshold for connection sizes.
:bro:id:`ConnThreshold::set_bytes_threshold`: :bro:type:`function`      Sets a byte threshold for connection sizes, adding it to potentially already existing thresholds.
:bro:id:`ConnThreshold::set_packets_threshold`: :bro:type:`function`    Sets a packet threshold for connection sizes, adding it to potentially already existing thresholds.
======================================================================= ===================================================================================================

Detailed Interface
~~~~~~~~~~~~~~~~~~
Types
#####
.. bro:type:: ConnThreshold::Thresholds

   :Type: :bro:type:`record`

      orig_byte: :bro:type:`set` [:bro:type:`count`] :bro:attr:`&default` = ``{ }`` :bro:attr:`&optional`
         current originator byte thresholds we watch for

      resp_byte: :bro:type:`set` [:bro:type:`count`] :bro:attr:`&default` = ``{ }`` :bro:attr:`&optional`
         current responder byte thresholds we watch for

      orig_packet: :bro:type:`set` [:bro:type:`count`] :bro:attr:`&default` = ``{ }`` :bro:attr:`&optional`
         current originator packet thresholds we watch for

      resp_packet: :bro:type:`set` [:bro:type:`count`] :bro:attr:`&default` = ``{ }`` :bro:attr:`&optional`
         current responder packet thresholds we watch for

Events
######
.. bro:id:: ConnThreshold::bytes_threshold_crossed

   :Type: :bro:type:`event` (c: :bro:type:`connection`, threshold: :bro:type:`count`, is_orig: :bro:type:`bool`)

   Generated for a connection that crossed a set byte threshold

   :c: the connection
   :threshold: the threshold that was set
   :is_orig: True if the threshold was crossed by the originator of the connection

.. bro:id:: ConnThreshold::packets_threshold_crossed

   :Type: :bro:type:`event` (c: :bro:type:`connection`, threshold: :bro:type:`count`, is_orig: :bro:type:`bool`)

   Generated for a connection that crossed a set packet threshold

   :c: the connection
   :threshold: the threshold that was set
   :is_orig: True if the threshold was crossed by the originator of the connection

Functions
#########
.. bro:id:: ConnThreshold::delete_bytes_threshold

   :Type: :bro:type:`function` (c: :bro:type:`connection`, threshold: :bro:type:`count`, is_orig: :bro:type:`bool`) : :bro:type:`bool`

   Deletes a byte threshold for connection sizes.

   :c: The connection.
   :threshold: Threshold in bytes to remove.
   :is_orig: If true, threshold is removed for bytes from originator, otherwise for bytes from responder.
   :returns: T on success, F on failure.

.. bro:id:: ConnThreshold::delete_packets_threshold

   :Type: :bro:type:`function` (c: :bro:type:`connection`, threshold: :bro:type:`count`, is_orig: :bro:type:`bool`) : :bro:type:`bool`

   Deletes a packet threshold for connection sizes.

   :c: The connection.
   :threshold: Threshold in packets.
   :is_orig: If true, threshold is removed for packets from originator, otherwise for packets from responder.
   :returns: T on success, F on failure.

.. bro:id:: ConnThreshold::set_bytes_threshold

   :Type: :bro:type:`function` (c: :bro:type:`connection`, threshold: :bro:type:`count`, is_orig: :bro:type:`bool`) : :bro:type:`bool`

   Sets a byte threshold for connection sizes, adding it to potentially already existing thresholds.
   conn_bytes_threshold_crossed will be raised for each set threshold.

   :c: The connection.
   :threshold: Threshold in bytes.
   :is_orig: If true, threshold is set for bytes from originator, otherwise for bytes from responder.
   :returns: T on success, F on failure.

.. bro:id:: ConnThreshold::set_packets_threshold

   :Type: :bro:type:`function` (c: :bro:type:`connection`, threshold: :bro:type:`count`, is_orig: :bro:type:`bool`) : :bro:type:`bool`

   Sets a packet threshold for connection sizes, adding it to potentially already existing thresholds.
   conn_packets_threshold_crossed will be raised for each set threshold.

   :c: The connection.
   :threshold: Threshold in packets.
   :is_orig: If true, threshold is set for packets from originator, otherwise for packets from responder.
   :returns: T on success, F on failure.
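
The following is an added usage example, not part of the generated reference or of the Bro distribution. It registers several originator byte thresholds on outbound TCP connections and raises one notice per tier crossed. The module name ``LargeUpload``, the notice type and the tier values are hypothetical, and the script assumes ``Site::local_nets`` is configured.

```zeek
# Added example, not from the Bro/Zeek distribution. Module name, notice type
# and tier values are hypothetical.
@load base/protocols/conn/thresholds
@load base/frameworks/notice

module LargeUpload;

export {
	redef enum Notice::Type += { Outbound_Volume };

	## Originator byte counts that each produce one notice (constructed values).
	const tiers: set[count] = { 10485760, 104857600, 1073741824 } &redef;
}

event connection_established(c: connection)
	{
	# Watch only local -> remote connections (assumes Site::local_nets is set).
	if ( ! Site::is_local_addr(c$id$orig_h) || Site::is_local_addr(c$id$resp_h) )
		return;

	# Thresholds accumulate per connection: one event is raised for each tier.
	for ( t in tiers )
		if ( ! ConnThreshold::set_bytes_threshold(c, t, T) )
			Reporter::warning(fmt("threshold %d not set on %s", t, c$uid));
	}

event ConnThreshold::bytes_threshold_crossed(c: connection, threshold: count, is_orig: bool)
	{
	# The event fires for thresholds set by any script on this connection,
	# so ignore responder-side crossings and values we did not register.
	if ( ! is_orig || threshold !in tiers )
		return;

	NOTICE([$note=Outbound_Volume, $conn=c,
	        $msg=fmt("%s sent more than %d bytes to %s", c$id$orig_h, threshold, c$id$resp_h),
	        $identifier=cat(c$uid, threshold)]);
	}
```

``connection_established`` covers TCP only; connections of other protocols would need the thresholds set from a different event.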