[Bro] printing metrics to screen
jp.bourget at gmail.com
Thu Mar 14 13:53:10 PDT 2013
Sorry didn't reply all -
Seth - I'm trying to figure out how to print out Metrics values stored with
the Metrics Framework. So if I'm watching something, how can I figure out
the state or values of everything in order to understand that what I think
is happening is happening.
See below also
said differently - how do I access the values of metrics at the end of
running a bro script to see if what I think is happening is happening -
before I rewrite it to assume it will trigger an alarm.
On Thu, Mar 14, 2013 at 4:05 PM, JP Bourget <jp.bourget at gmail.com> wrote:
> I am for now - so I could do:
> event bro_done()
> print fmt("DNS NX: %s", DNS_NX_Count);
> I'm trying to understand a.) syntax of printing out a metric (is it just
> like any other variable? or do we have a table or multidimensional array
> that we are keeping track based on source IP)
> and B: if a is true -would printing out the metric just show the values
> that trigger the metric? I'm trying to figure out what happens.
On Thu, Mar 14, 2013 at 4:37 PM, Seth Hall <seth at icir.org> wrote:
> On Mar 14, 2013, at 3:43 PM, JP Bourget <jp.bourget at gmail.com> wrote:
> > How can I print a metric I'm tracking to screen to confirm it's doing
> what I think it's doing?
> When you say "metric", are you referring to something you're doing with
> the Metrics framework?
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro