[Bro-Dev] Bro byte and packet counting in devel

Seth Hall seth at icir.org
Fri Mar 4 21:07:30 PST 2011


On Feb 25, 2011, at 11:51 AM, Gregor Maier wrote:

> the analyzer to count bytes and packets as seen on the wire per
> connection (endpoint) is now in devel. If enabled the counters are part
> of the connection record (actually the endpoint records) and can thus be
> access by any event that gets a connection as argument.


Thanks for doing the work on this, I've been wanting this functionality built into Bro for a long time.  Is there any plan for getting this integrated into master?  I see that there isn't a merge request yet, are you waiting for more testing?

It just came up for me because I'm rewriting the conn.bro script and I want to include that data if the analyzer is enabled as a replacement for the normal c$orig$size and c$resp$size.

Thanks,
 .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




More information about the bro-dev mailing list