[Bro-Dev] Bro byte and packet counting in devel
Seth Hall
seth at icir.org
Fri Mar 4 21:07:30 PST 2011
On Feb 25, 2011, at 11:51 AM, Gregor Maier wrote:
> the analyzer to count bytes and packets as seen on the wire per
> connection (endpoint) is now in devel. If enabled the counters are part
> of the connection record (actually the endpoint records) and can thus be
> accessed by any event that gets a connection as argument.
Thanks for doing the work on this, I've been wanting this functionality built into Bro for a long time. Is there any plan for getting this integrated into master? I see that there isn't a merge request yet; are you waiting for more testing?
It just came up for me because I'm rewriting the conn.bro script and I want to include that data if the analyzer is enabled as a replacement for the normal c$orig$size and c$resp$size.
Thanks,
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/