[Bro-Dev] [JIRA] (BIT-1517) Variable rollover in bytes_recv in stats.log
dop (JIRA)
jira at bro-tracker.atlassian.net
Tue Jan 5 14:33:00 PST 2016
dop created BIT-1517:
------------------------
Summary: Variable rollover in bytes_recv in stats.log
Key: BIT-1517
URL: https://bro-tracker.atlassian.net/browse/BIT-1517
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: 2.4
Environment: CentOS release 6.7 (Final)
Reporter: dop
I noticed that bytes_recv in stats.log was looking occasionally really high (like 2^64 high) and mentioned it to Justin. He proposed a quick patch to stats.bro (below) to identify the source of the problem which looks like the raw bytes_recv variable:
cat current/stats.log | /usr/local/bro/bin/bro-cut -u peer bytes_recv bytes_recv_raw | grep pg-worker-1-9
pg-worker-1-9 17654180 4261583324
pg-worker-1-9 21442649 4283025973
pg-worker-1-9 18446744069439617937 13092294
pg-worker-1-9 15969954 29062248
pg-worker-1-9 23215479 52277727
--- stats.bro.orig 2016-01-05 14:31:33.000000000 -0500
+++ stats.bro 2016-01-05 14:32:04.000000000 -0500
@@ -42,6 +42,8 @@
## Number of bytes received since the last stats interval if
## reading live traffic.
bytes_recv: count &log &optional;
+
+ bytes_recv_raw: count &log &optional;
};
## Event to catch stats as they are written to the logging stream.
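Review bot: the new `bytes_recv_raw` field is added without a `##` doc comment, while `bytes_recv` directly above it has one. Please document that it holds the cumulative `ns$bytes_recvd` value rather than a per-interval delta, and that it exists for diagnosing the rollover, so that readers of stats.log do not mistake it for a second throughput figure.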
@@ -78,6 +80,7 @@
info$pkts_dropped = ns$pkts_dropped - last_ns$pkts_dropped;
info$pkts_link = ns$pkts_link - last_ns$pkts_link;
info$bytes_recv = ns$bytes_recvd - last_ns$bytes_recvd;
+ info$bytes_recv_raw = ns$bytes_recvd;
}
Log::write(Stats::LOG, info);
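Review bot: the added `info$bytes_recv_raw = ns$bytes_recvd;` only exposes the cumulative counter, and the subtraction on the context line above it, `info$bytes_recv = ns$bytes_recvd - last_ns$bytes_recvd;`, stays unguarded. The result is stored in a `count`, so it wraps whenever the current value is smaller than the previous one, as in the quoted row where the raw value drops from 4283025973 to 13092294. This is fine as a diagnostic, but the eventual fix should compare `ns$bytes_recvd` with `last_ns$bytes_recvd` before subtracting, and the `pkts_dropped` and `pkts_link` lines in the same block need the same check.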
--
This message was sent by Atlassian JIRA
(v7.1.0-OD-03-048#71001)
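The arithmetic behind the 2^64-sized value, as an added example that is not part of the original message or of Bro's code. It replays the quoted stats.log rows, shows that the logged bytes_recv equals an unsigned 64-bit subtraction of consecutive raw values, and computes a wrap-corrected delta. The 32-bit counter width is an assumption inferred from the sample values, and the function names are hypothetical.

```python
U64 = 1 << 64

# (bytes_recv, bytes_recv_raw) pairs copied from the rows quoted in the report.
ROWS = [
    (17654180, 4261583324),
    (21442649, 4283025973),
    (18446744069439617937, 13092294),
    (15969954, 29062248),
    (23215479, 52277727),
]


def count_sub(cur, prev):
    """Subtract as an unsigned 64-bit value does: modulo 2**64."""
    return (cur - prev) % U64


def wrap_safe_delta(cur, prev, width=32):
    """Delta for a counter that wraps at 2**width (the width is an assumption)."""
    return (cur - prev) % (1 << width)


def analyse(rows, width=32):
    """Compare each logged delta with the naive and wrap-corrected deltas."""
    results = []
    for (_, prev_raw), (logged, raw) in zip(rows, rows[1:]):
        results.append({
            "raw": raw,
            "logged": logged,
            "naive": count_sub(raw, prev_raw),
            "rolled_over": raw < prev_raw,  # raw counter went backwards
            "corrected": wrap_safe_delta(raw, prev_raw, width),
        })
    return results


if __name__ == "__main__":
    for r in analyse(ROWS):
        flag = "ROLLOVER" if r["rolled_over"] else "ok"
        print(f'{flag:8} raw={r["raw"]:>10} logged={r["logged"]:>20} '
              f'corrected={r["corrected"]:>10}')
```

The same `rolled_over` test (current raw value below the previous one) can be used to flag affected intervals in existing stats.log files.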