[Bro-Dev] WIP: Instrumentation plugin
Gilbert Clark
gc355804 at ohio.edu
Tue Mar 3 20:40:36 PST 2015
Hi all:
Just a brief note that
https://github.com/cubic1271/bro-plugin-instrumentation exists as a work
in progress, and should now be supported by the current bro master.
It knows four tricks at the moment:
* Per-packet statistics - memory, file I/O, and CPU information either
every X seconds or every Y packets. This differs from existing
functionality only in the way data is gathered: it uses RDTSC to grab
CPU cycles, hooks the malloc family of functions to gather memory data,
and also hooks I/O methods to gather information about what is
generating input / output in the application.
* Per-function statistics - memory information and aggregate cycle
counts for the time spent in each bro function.
* Function call-graphs - output graphviz formatted call graphs that can
be rendered via e.g. dot.
* Export of arbitrary data via HTTP - populate arbitrary JSON objects in
bro script and serve them directly from an HTTP server embedded in the
plugin.
Overhead is pretty high at the moment, and there are things that need to
be researched on different platforms (e.g. mechanics of RDTSC, reduce
error associated with cost of collecting data, etc). I haven't crashed
it with the data I've thrown at it as of yet, but I'm sure it's only a
matter of time...
It's a work in progress, so feedback / comments / concerns are welcome.
Hope something in there is interesting to someone :)
--Gilbert