##| Track memory/lag statistics.  Differs from profiling.bro in that this
##| is lighter-weight (much less info, and less load to generate).

@load base/frameworks/notice

module Stats;

export {
	
	 redef enum Notice::Type += {
        	ResourceStats,          # generated when running live packet capture
        	OfflineResourceStats,   # generated when reading trace files
	};
	const stats_report_interval = 10 sec &redef;
}

event check_stats(last_ts: time, last_ns: NetStats,  last_res: bro_resources)
	{
        local now = current_time();
        local ns = net_stats();
 	local res = resource_usage();
        
        if ( bro_is_terminating() )
                # No more stats will be written or scheduled when Bro is
                # shutting down.
                return;
        
        local stat_msg =
                fmt("mem=%dMB pkts_proc=%d events_proc=%d events_queued=%d",
                        res$mem / 1000000, res$num_packets - last_res$num_packets,
			res$num_events_dispatched - last_res$num_events_dispatched, 
		        res$num_events_queued - last_res$num_events_queued);
  

        if ( reading_live_traffic() )
                {
                	stat_msg = fmt("%s et=%.2f lag=%fsec util=%.01f%% pkts_rcv=%d pkts_drp=%d pkts_link=%d",
                                stat_msg, now-last_ts,  now - network_time(), 
			        100.0*((res$user_time + res$system_time) - (last_res$user_time + last_res$system_time))/(now-last_ts),
				ns$pkts_recvd - last_ns$pkts_recvd,
				ns$pkts_dropped  - last_ns$pkts_dropped,
				ns$pkts_link  - last_ns$pkts_link);
                	NOTICE([$note=ResourceStats, $msg=stat_msg]);
                } else {
		 	NOTICE([$note=OfflineResourceStats, $msg=stat_msg]);
		}

 	schedule stats_report_interval { check_stats(now,  ns, res) };

	}
 
                

event bro_init()
	{
	schedule stats_report_interval { check_stats(current_time(), net_stats(), resource_usage()) };
	}