[Bro] question about event http_stats
vern at icir.org
Sun May 2 01:43:56 PDT 2010
> #global http_stats: event(c: connection, stats: http_stats_rec);
> the http_stats event, I think it is raised when one http session is
> done? But why
> the stats$num_requests can be 0?
I would expect (and looking briefly at the code this appears to be true)
that an http_stats event is generated whenever an HTTP connection finishes,
even if nothing happened during the connection (no GET request, just a
SYN handshake). If so, then it would make sense that such unproductive
sessions have $num_requests equal to 0.
> I noticed in the http.bro, there is one handler for this event but
> then annotated.
I'm not following this comment ...
More information about the Bro