base/bif/plugins/Zeek_ConnSize.events.bif.zeek

Namespace: GLOBAL

Summary

Events

conn_bytes_threshold_crossed (event): Generated for a connection that crossed a set byte threshold.
conn_duration_threshold_crossed (event): Generated for a connection that crossed a set duration threshold.
conn_packets_threshold_crossed (event): Generated for a connection that crossed a set packet threshold.

Detailed Interface

Events

conn_bytes_threshold_crossed
Type: event (c: connection, threshold: count, is_orig: bool)

Generated for a connection that crossed a set byte threshold. Note that this is a low-level event that should usually be avoided in user code. Use ConnThreshold::bytes_threshold_crossed instead.

c: the connection
threshold: the threshold that was set
is_orig: true if the threshold was crossed by the originator of the connection

See also: set_current_conn_packets_threshold, set_current_conn_bytes_threshold, conn_packets_threshold_crossed, get_current_conn_bytes_threshold, get_current_conn_packets_threshold, conn_duration_threshold_crossed, set_current_conn_duration_threshold, get_current_conn_duration_threshold

conn_duration_threshold_crossed
Type: event (c: connection, threshold: interval, is_orig: bool)

Generated for a connection that crossed a set duration threshold. Note that this is a low-level event that should usually be avoided in user code. Use ConnThreshold::duration_threshold_crossed instead.

Note that this event is not raised at the exact moment that a duration threshold is crossed; instead, it is raised when the next packet is seen after the threshold has been crossed. On a connection that is idle, this can be raised significantly later.

c: the connection
threshold: the threshold that was set
is_orig: true if the threshold was crossed by the originator of the connection

See also: set_current_conn_packets_threshold, set_current_conn_bytes_threshold, conn_bytes_threshold_crossed, get_current_conn_bytes_threshold, get_current_conn_packets_threshold, set_current_conn_duration_threshold, get_current_conn_duration_threshold

conn_packets_threshold_crossed
Type: event (c: connection, threshold: count, is_orig: bool)

Generated for a connection that crossed a set packet threshold. Note that this is a low-level event that should usually be avoided in user code. Use ConnThreshold::packets_threshold_crossed instead.

c: the connection
threshold: the threshold that was set
is_orig: true if the threshold was crossed by the originator of the connection

See also: set_current_conn_packets_threshold, set_current_conn_bytes_threshold, conn_bytes_threshold_crossed, get_current_conn_bytes_threshold, get_current_conn_packets_threshold, conn_duration_threshold_crossed, set_current_conn_duration_threshold, get_current_conn_duration_threshold
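The following script is an added example, not part of this reference or of the Zeek distribution. It uses the recommended ConnThreshold wrappers rather than the low-level events above to flag large originator-side transfers in escalating tiers and to report long-lived connections. The module name, notice types, tier values and the one-hour duration are assumptions.

```zeek
# Added example; module, notice and constant names are assumptions.
@load base/frameworks/notice
@load base/protocols/conn

module LargeUpload;

export {
	redef enum Notice::Type += { Large_Outbound_Transfer, Long_Lived_Connection };

	# Assumed tiers for originator-sent bytes: 10 MB, 100 MB, 1 GB.
	const byte_tiers: vector of count = vector(10000000, 100000000, 1000000000) &redef;
	# Assumed duration after which a connection is reported.
	const long_lived: interval = 1hr &redef;
}

event new_connection(c: connection)
	{
	# Arm the lowest byte tier for the originator (is_orig=T) and one duration threshold.
	ConnThreshold::set_bytes_threshold(c, byte_tiers[0], T);
	ConnThreshold::set_duration_threshold(c, long_lived);
	}

event ConnThreshold::bytes_threshold_crossed(c: connection, threshold: count, is_orig: bool)
	{
	if ( ! is_orig )
		return;
	# Other scripts may set thresholds too; react only to our own tiers.
	local ours = F;
	local next_tier = 0;
	for ( i in byte_tiers )
		{
		if ( byte_tiers[i] == threshold )
			ours = T;
		else if ( byte_tiers[i] > threshold && next_tier == 0 )
			next_tier = byte_tiers[i];
		}
	if ( ! ours )
		return;
	NOTICE([$note=Large_Outbound_Transfer, $conn=c,
	        $msg=fmt("%s sent more than %d bytes to %s", c$id$orig_h, threshold, c$id$resp_h)]);
	# A threshold fires once, so arm the next tier to keep tracking growth.
	if ( next_tier > 0 )
		ConnThreshold::set_bytes_threshold(c, next_tier, T);
	}

event ConnThreshold::duration_threshold_crossed(c: connection, threshold: interval, is_orig: bool)
	{
	# Raised on the first packet seen after the threshold, so c$duration can
	# exceed the threshold by a wide margin on an idle connection.
	NOTICE([$note=Long_Lived_Connection, $conn=c,
	        $msg=fmt("connection open for %s (threshold %s)", c$duration, threshold)]);
	}
```

Comparing `c$duration` with `threshold` in the resulting notices shows how late the duration event arrived on quiet connections.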