stats.zeek

Stats

Log memory/packet/lag statistics.

Namespace:: Stats
Imports:: base/frameworks/notice, base/frameworks/telemetry, base/utils/time.zeek

Summary

Runtime Options

Stats::report_interval: interval &redef

How often stats are reported.

Event to catch stats as they are written to the logging stream.

Hooks

Stats::log_policy: Log::PolicyHook

Detailed Interface

Runtime Options

Stats::report_interval 

Type:: interval
Attributes:: &redef
Default:: 5.0 mins

How often stats are reported.

Types

Stats::Info 

Type:

record

Fields:

ts: time &log: Timestamp for the measurement.

peer: string &log: Peer that generated this log. Mostly for clusters.

mem: count &log: Amount of memory currently in use in MB.

pkts_proc: count &log: Number of packets processed since the last stats interval.

bytes_recv: count &log: Number of bytes received since the last stats interval if reading live traffic.

pkts_dropped: count &log &optional: Number of packets dropped since the last stats interval if reading live traffic.

pkts_link: count &log &optional: Number of packets seen on the link since the last stats interval if reading live traffic.

pkt_lag: interval &log &optional: Lag between the wall clock and packet timestamps if reading live traffic.

pkts_filtered: count &log &optional: Number of packets filtered from the link since the last stats interval if reading live traffic.

events_proc: count &log: Number of events processed since the last stats interval.

events_queued: count &log: Number of events that have been queued since the last stats interval.

active_tcp_conns: count &log: TCP connections currently in memory.

active_udp_conns: count &log: UDP connections currently in memory.

active_icmp_conns: count &log: ICMP connections currently in memory.

tcp_conns: count &log: TCP connections seen since last stats interval.

udp_conns: count &log: UDP connections seen since last stats interval.

icmp_conns: count &log: ICMP connections seen since last stats interval.

timers: count &log: Number of timers scheduled since last stats interval.

active_timers: count &log: Current number of scheduled timers.

files: count &log: Number of files seen since last stats interval.

active_files: count &log: Current number of files actively being seen.

dns_requests: count &log: Number of DNS requests seen since last stats interval.

active_dns_requests: count &log: Current number of DNS requests awaiting a reply.

reassem_tcp_size: count &log: Current size of TCP data in reassembly.

reassem_file_size: count &log: Current size of File data in reassembly.

reassem_frag_size: count &log: Current size of packet fragment data in reassembly.

reassem_unknown_size: count &log: Current size of unknown data in reassembly (this is only PIA buffer right now).

Events

Stats::log_stats 

Type:: event (rec: Stats::Info)

Event to catch stats as they are written to the logging stream.

Hooks

Stats::log_policy 

Type:: Log::PolicyHook

policy/misc/stats.zeek

Summary

Runtime Options

Types

Redefinitions

Events

Hooks

Detailed Interface

Runtime Options

Types

Events

Hooks