[Bro] Connections and Crossed_Threshold-Event
Dominique Sellehr
mydevmail at gmx.de
Mon Jul 10 05:25:35 PDT 2017
Hello Bro Community,
i wrote a script which is able to determine the amount of data transfered by a given connection. If the datatransfer crosses a set limit, a crossed_threshold event is triggered. The connection which crossed the threshold is logged into a log file.
Now, if i set a limit of 150.000 Bytes for example, the log file holds connections with 75.000 or 100.000 Bytes of transfered data.
This looks a bit confusing because the connections crossed the 150.000 Byte threshold but the log file entry states a different, lower number.
May someone please explain why this occurs and how to fix/change this behaviour/problem?
More information about the Bro
mailing list