[Zeek] Possible bug in Stats framework?
Brittany Donowho
brittany.donowho at nrl.navy.mil
Tue Nov 19 06:26:52 PST 2019
Hi,
I’ve been trying to use the stats framework on PCAP but the logs were always off by several packets (depending on the size of the trace). The numbers match up when I moved the code
if (zeek_is_terminating() )
return;
To the end of stats.zeek as follows:
Log::write(Stats::LOG, info);
if ( zeek_is_terminating() )
return;
schedule report_interval { check_stats(nettime, ns, cs, ps, es, rs, ts, fs, ds) };
Can someone verify that this is correct? I’m wondering if this edit will mess with live traffic stats.
Thanks!
Brittany Donowho
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20191119/1f6d84de/attachment.html
More information about the Zeek
mailing list