[Bro] printing metrics to screen
JP Bourget
jp.bourget at gmail.com
Thu Mar 14 13:53:10 PDT 2013
Sorry didn't reply all -
Seth - I'm trying to figure out how to print out Metrics values stored with
the Metrics Framework. So if I'm watching something, how can I figure out
the state or values of everything in order to understand that what I think
is happening is happening.
See below also
JP
said differently - how do I access the values of metrics at the end of
running a bro script to see if what I think is happening is happening -
before I rewrite it to assume it will trigger an alarm.
On Thu, Mar 14, 2013 at 4:05 PM, JP Bourget <jp.bourget at gmail.com> wrote:
> I am for now - so I could do:
>
> event bro_done()
>
> {
>
> print fmt("DNS NX: %s", DNS_NX_Count);
> }
>
>
> I'm trying to understand a.) syntax of printing out a metric (is it just
> like any other variable? or do we have a table or multidimensional array
> that we are keeping track based on source IP)
>
> and B: if a is true -would printing out the metric just show the values
> that trigger the metric? I'm trying to figure out what happens.
>
>
On Thu, Mar 14, 2013 at 4:37 PM, Seth Hall <seth at icir.org> wrote:
>
> On Mar 14, 2013, at 3:43 PM, JP Bourget <jp.bourget at gmail.com> wrote:
>
> > How can I print a metric I'm tracking to screen to confirm it's doing
> what I think it's doing?
>
>
> When you say "metric", are you referring to something you're doing with
> the Metrics framework?
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
--
JP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130314/862184d7/attachment.html
More information about the Bro
mailing list