policy/misc/stats.zeek

Stats

Log memory/packet/lag statistics.

Namespace

Stats

Imports

base/frameworks/notice, base/frameworks/telemetry

Summary

Runtime Options

Stats::report_interval: interval &redef

How often stats are reported.

Types

Stats::Info: record

Redefinitions

Log::ID: enum

Events

Stats::log_stats: event

Event to catch stats as they are written to the logging stream.

Hooks

Stats::log_policy: Log::PolicyHook

Detailed Interface

Runtime Options

Stats::report_interval

Type: interval

Attributes: &redef

Default: 5.0 mins

How often stats are reported.

Types

Stats::Info

Type: record

ts: time &log

Timestamp for the measurement.

peer: string &log

Peer that generated this log. Mostly for clusters.

mem: count &log

Amount of memory currently in use in MB.

pkts_proc: count &log

Number of packets processed since the last stats interval.

bytes_recv: count &log

Number of bytes received since the last stats interval if reading live traffic.

pkts_dropped: count &log &optional

Number of packets dropped since the last stats interval if reading live traffic.

pkts_link: count &log &optional

Number of packets seen on the link since the last stats interval if reading live traffic.

pkt_lag: interval &log &optional

Lag between the wall clock and packet timestamps if reading live traffic.

pkts_filtered: count &log &optional

Number of packets filtered from the link since the last stats interval if reading live traffic.

events_proc: count &log

Number of events processed since the last stats interval.

events_queued: count &log

Number of events that have been queued since the last stats interval.

active_tcp_conns: count &log

TCP connections currently in memory.

active_udp_conns: count &log

UDP connections currently in memory.

active_icmp_conns: count &log

ICMP connections currently in memory.

tcp_conns: count &log

TCP connections seen since last stats interval.

udp_conns: count &log

UDP connections seen since last stats interval.

icmp_conns: count &log

ICMP connections seen since last stats interval.

timers: count &log

Number of timers scheduled since last stats interval.

active_timers: count &log

Current number of scheduled timers.

files: count &log

Number of files seen since last stats interval.

active_files: count &log

Current number of files actively being seen.

dns_requests: count &log

Number of DNS requests seen since last stats interval.

active_dns_requests: count &log

Current number of DNS requests awaiting a reply.

reassem_tcp_size: count &log

Current size of TCP data in reassembly.

reassem_file_size: count &log

Current size of File data in reassembly.

reassem_frag_size: count &log

Current size of packet fragment data in reassembly.

reassem_unknown_size: count &log

Current size of unknown data in reassembly (this is only PIA buffer right now).

Events

Stats::log_stats

Type: event (rec: Stats::Info)

Event to catch stats as they are written to the logging stream.
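
A handler for this event can turn the optional live-capture fields of Stats::Info into sensor-health notices, which matters because a sensor that drops packets or lags behind the wire has blind spots in every other log. The script below is an added example, not part of the Zeek distribution; the module name SensorHealth, the two notice types and both thresholds are assumptions to tune per sensor.

```zeek
@load base/frameworks/notice
@load policy/misc/stats

module SensorHealth;   # hypothetical module name for this example

export {
	redef enum Notice::Type += {
		## Assumed name: share of dropped packets exceeded max_drop_ratio.
		High_Drop_Ratio,
		## Assumed name: pkt_lag exceeded max_pkt_lag.
		High_Packet_Lag,
	};

	## Assumed thresholds, not defaults shipped with Zeek.
	option max_drop_ratio = 0.01;
	option max_pkt_lag = 5sec;
}

# Sample every minute instead of the default 5.0 mins.
redef Stats::report_interval = 1min;

event Stats::log_stats(rec: Stats::Info)
	{
	# pkts_dropped and pkts_link are &optional: they are only set when
	# reading live traffic, so test for presence before using them.
	if ( rec?$pkts_dropped && rec?$pkts_link && rec$pkts_link > 0 )
		{
		# Multiply by 1.0 to force floating-point division on counts.
		local ratio = (1.0 * rec$pkts_dropped) / (1.0 * rec$pkts_link);

		if ( ratio > max_drop_ratio )
			NOTICE([$note=High_Drop_Ratio,
			        $msg=fmt("%s dropped %d of %d packets on the link (ratio %.4f)",
			                 rec$peer, rec$pkts_dropped, rec$pkts_link, ratio),
			        $identifier=rec$peer,
			        $suppress_for=10min]);
		}

	# pkt_lag is also &optional; a growing lag means analysis is falling
	# behind the wall clock.
	if ( rec?$pkt_lag && rec$pkt_lag > max_pkt_lag )
		NOTICE([$note=High_Packet_Lag,
		        $msg=fmt("%s packet lag is %s", rec$peer, rec$pkt_lag),
		        $identifier=rec$peer,
		        $suppress_for=10min]);
	}
```

Because the counters are per-interval deltas, the ratio describes only the most recent report interval, so a shorter Stats::report_interval gives faster but noisier alerts.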

Hooks

Stats::log_policy

Type: Log::PolicyHook