base/bif/plugins/Zeek_ConnSize.events.bif.zeek

GLOBAL
Namespace

GLOBAL

Summary

Events

conn_bytes_threshold_crossed: event

Generated for a connection that crossed a set byte threshold.

conn_duration_threshold_crossed: event

Generated for a connection that crossed a set duration threshold.

conn_packets_threshold_crossed: event

Generated for a connection that crossed a set packet threshold.

Detailed Interface

Events

conn_bytes_threshold_crossed
Type

event (c: connection, threshold: count, is_orig: bool)

Generated for a connection that crossed a set byte threshold. Note that this is a low level event that should usually be avoided for user code. Use ConnThreshold::bytes_threshold_crossed instead.

Parameters
  • c – the connection

  • threshold – the threshold that was set

  • is_orig – true if the threshold was crossed by the originator of the connection

See also: set_current_conn_packets_threshold, set_current_conn_bytes_threshold, conn_packets_threshold_crossed, get_current_conn_bytes_threshold, get_current_conn_packets_threshold, conn_duration_threshold_crossed, set_current_conn_duration_threshold, get_current_conn_duration_threshold

conn_duration_threshold_crossed
Type

event (c: connection, threshold: interval, is_orig: bool)

Generated for a connection that crossed a set duration threshold. Note that this is a low level event that should usually be avoided for user code. Use ConnThreshold::duration_threshold_crossed instead.

Note that this event is not raised at the exact moment that a duration threshold is crossed; instead it is raised when the next packet is seen after the threshold has been crossed. On a connection that is idle, this can be raised significantly later.

Parameters
  • c – the connection

  • threshold – the threshold that was set

  • is_orig – true if the threshold was crossed by the originator of the connection

See also: set_current_conn_packets_threshold, set_current_conn_bytes_threshold, conn_bytes_threshold_crossed, get_current_conn_bytes_threshold, get_current_conn_packets_threshold, set_current_conn_duration_threshold, get_current_conn_duration_threshold

conn_packets_threshold_crossed
Type

event (c: connection, threshold: count, is_orig: bool)

Generated for a connection that crossed a set packet threshold. Note that this is a low level event that should usually be avoided for user code. Use ConnThreshold::packets_threshold_crossed instead.

Parameters
  • c – the connection

  • threshold – the threshold that was set

  • is_orig – true if the threshold was crossed by the originator of the connection

See also: set_current_conn_packets_threshold, set_current_conn_bytes_threshold, conn_bytes_threshold_crossed, get_current_conn_bytes_threshold, get_current_conn_packets_threshold, conn_duration_threshold_crossed, set_current_conn_duration_threshold, get_current_conn_duration_threshold