[Bro-Dev] Bro byte and packet counting in devel

Gregor Maier gregor at icir.org
Fri Feb 25 08:51:38 PST 2011


The analyzer to count bytes and packets as seen on the wire per
connection (endpoint) is now in devel. If enabled, the counters are part
of the connection record (actually the endpoint records) and can thus be
accessed by any event that gets a connection as argument.

To enable:
  redef use_conn_size_analyzer = T;

To enable logging the sizes to conn.log:
# Whether to add 4 more columns to conn.log with
# orig_packet orig_ip_bytes resp_packets resp_ip_bytes
# Requires use_conn_size_analyzer=T
# Columns are added after history but before addl

redef report_conn_size_analyzer = T;

You might want to consider enabling those if you run devel....

Gregor Maier
<gregor at icir.org>  <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
