Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/scripts/policy/protocols/conn/metrics.bro
Seth Hall df6a180023 Some scripts for collecting connection stats and "app" stats. 
- App stats are considered stats for applications on the internet.
  Services like facebook, youtube, etc.
2012-03-28 15:52:20 -04:00

21 lines
610 B
Text
Raw Blame History

@load base/frameworks/metrics
event bro_init() &priority=3
{
Metrics::add_filter("conns.country", [$break_interval=1hr]);
Metrics::add_filter("hosts.active", [$break_interval=1hr]);
}
event connection_established(c: connection) &priority=3
{
if ( Site::is_local_addr(c$id$orig_h) )
{
local loc = lookup_location(c$id$resp_h);
if ( loc?$country_code )
Metrics::add_data("conns.country", [$str=loc$country_code], 1);
}
local the_host = Site::is_local_addr(c$id$orig_h) ? c$id$orig_h : c$id$resp_h;
# There is no index for this.
Metrics::add_unique("hosts.active", [], cat(the_host));
}
Reference in a new issue View git blame Copy permalink