Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 09:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/scripts/base/frameworks/metrics/thresholding.bro
Seth Hall d9195076b1 Metrics framework checkpoint. 
- New scan.bro merged in and reworked a bit.

 - Updated metrics API.  Now possible to calculate much more.
2012-11-16 02:37:52 -05:00

47 lines
2 KiB
Text
Raw Blame History

# @TEST-EXEC: bro %INPUT
# @TEST-EXEC: btest-diff .stdout
redef enum Notice::Type += {
Test_Notice,
};
event bro_init() &priority=5
{
Metrics::add_filter("test.metric",
[$name="foobar",
$every=3secs,
$measure=set(Metrics::SUM),
$threshold=5,
$threshold_crossed(index: Metrics::Index, val: Metrics::ResultVal) = {
print fmt("THRESHOLD: hit a threshold value at %.0f for %s", val$sum, Metrics::index2str(index));
},
$log=F]);
Metrics::add_filter("test.metric",
[$name="foobar2",
$every=3secs,
$measure=set(Metrics::SUM),
$threshold_series=vector(3,6,800),
$threshold_crossed(index: Metrics::Index, val: Metrics::ResultVal) = {
print fmt("THRESHOLD_SERIES: hit a threshold series value at %.0f for %s", val$sum, Metrics::index2str(index));
},
$log=F]);
Metrics::add_filter("test.metric",
[$every=3secs,
$measure=set(Metrics::SUM),
$threshold_func(index: Metrics::Index, val: Metrics::ResultVal) = {
# This causes any data added to be cross the threshold.
return T;
},
$threshold_crossed(index: Metrics::Index, val: Metrics::ResultVal) = {
print fmt("THRESHOLD_FUNC: hit a threshold function value at %.0f for %s", val$sum, Metrics::index2str(index));
},
$log=F]);
Metrics::add_data("test.metric", [$host=1.2.3.4], [$num=3]);
Metrics::add_data("test.metric", [$host=6.5.4.3], [$num=2]);
Metrics::add_data("test.metric", [$host=7.2.1.5], [$num=1]);
Metrics::add_data("test.metric", [$host=1.2.3.4], [$num=3]);
Metrics::add_data("test.metric", [$host=7.2.1.5], [$num=1000]);
}
Reference in a new issue View git blame Copy permalink