base/bif/plugins/Zeek_ConnSize.functions.bif.zeek

GLOBAL
Namespace:GLOBAL

Summary

Functions

get_current_conn_bytes_threshold: function  
get_current_conn_duration_threshold: function Gets the current duration threshold size for a connection.
get_current_conn_packets_threshold: function Gets the current packet threshold size for a connection.
set_current_conn_bytes_threshold: function Sets the current byte threshold for connection sizes, overwriting any potential old threshold.
set_current_conn_duration_threshold: function Sets the current duration threshold for connection, overwriting any potential old threshold.
set_current_conn_packets_threshold: function Sets a threshold for connection packets, overwtiting any potential old thresholds.

Detailed Interface

Functions

get_current_conn_bytes_threshold
Type:function (cid: conn_id, is_orig: bool) : count
Cid:The connection id.
Is_orig:If true, threshold of originator, otherwhise threshold of responder.
Returns:0 if no threshold is set or the threshold in bytes

See also: set_current_conn_packets_threshold, conn_bytes_threshold_crossed, conn_packets_threshold_crossed, get_current_conn_packets_threshold, set_current_conn_duration_threshold, get_current_conn_duration_threshold

get_current_conn_duration_threshold
Type:function (cid: conn_id) : interval

Gets the current duration threshold size for a connection.

Cid:The connection id.
Returns:0 if no threshold is set or the threshold in seconds

See also: set_current_conn_packets_threshold, conn_bytes_threshold_crossed, conn_packets_threshold_crossed, get_current_conn_packets_threshold, set_current_conn_duration_threshold

get_current_conn_packets_threshold
Type:function (cid: conn_id, is_orig: bool) : count

Gets the current packet threshold size for a connection.

Cid:The connection id.
Is_orig:If true, threshold of originator, otherwhise threshold of responder.
Returns:0 if no threshold is set or the threshold in packets

See also: set_current_conn_packets_threshold, conn_bytes_threshold_crossed, conn_packets_threshold_crossed, get_current_conn_bytes_threshold, set_current_conn_duration_threshold, get_current_conn_duration_threshold

set_current_conn_bytes_threshold
Type:function (cid: conn_id, threshold: count, is_orig: bool) : bool

Sets the current byte threshold for connection sizes, overwriting any potential old threshold. Be aware that in nearly any case you will want to use the high level API instead (ConnThreshold::set_bytes_threshold).

Cid:The connection id.
Threshold:Threshold in bytes.
Is_orig:If true, threshold is set for bytes from originator, otherwhise for bytes from responder.

See also: set_current_conn_packets_threshold, conn_bytes_threshold_crossed, conn_packets_threshold_crossed, get_current_conn_bytes_threshold, get_current_conn_packets_threshold, set_current_conn_duration_threshold, get_current_conn_duration_threshold

set_current_conn_duration_threshold
Type:function (cid: conn_id, threshold: interval) : bool

Sets the current duration threshold for connection, overwriting any potential old threshold. Be aware that in nearly any case you will want to use the high level API instead (ConnThreshold::set_duration_threshold).

Cid:The connection id.
Threshold:Threshold in seconds.

See also: set_current_conn_packets_threshold, conn_bytes_threshold_crossed, conn_packets_threshold_crossed, get_current_conn_bytes_threshold, get_current_conn_packets_threshold, get_current_conn_duration_threshold

set_current_conn_packets_threshold
Type:function (cid: conn_id, threshold: count, is_orig: bool) : bool

Sets a threshold for connection packets, overwtiting any potential old thresholds. Be aware that in nearly any case you will want to use the high level API instead (ConnThreshold::set_packets_threshold).

Cid:The connection id.
Threshold:Threshold in packets.
Is_orig:If true, threshold is set for packets from originator, otherwhise for packets from responder.

See also: set_current_conn_bytes_threshold, conn_bytes_threshold_crossed, conn_packets_threshold_crossed, get_current_conn_bytes_threshold, get_current_conn_packets_threshold, set_current_conn_duration_threshold, get_current_conn_duration_threshold