[Bro] count connection bytes
Kellogg, Brian D (OLN)
bkellogg at dresser-rand.com
Mon Dec 23 13:26:53 PST 2013
I'm very new to Bro scripting so I thank you ahead of time for your patience. I'm trying to write a simple script that just prints the bytes for the Rx and Tx of a TCP session. Below is what I have, but it isn't giving me anything.
redef use_conn_size_analyzer = T;
event connection_finished(c:connection)
{
print c$orig$num_bytes_ip;
print c$resp$num_bytes_ip;
}
I'm probably missing something obvious but it is escaping me. thanks
Thank you,
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131223/a066799a/attachment.html
More information about the Bro
mailing list