canhanhan/statistics.bro

## statistics.bro
@load base/frameworks/sumstats
@load base/utils/site

redef udp_content_deliver_all_orig = T;
redef udp_content_deliver_all_resp = T;

module BW;

global temp : set[string];

event bro_init()
        {
        local r1 = SumStats::Reducer($stream="bw", $apply=set(SumStats::SUM));

        SumStats::create([$name = "bw", $epoch = 5min, $reducers = set(r1),
                                         $epoch_result(ts: time, key: SumStats::Key, result: SumStats::Result) = {
                                                local intervl: double = time_to_double(result["bw"]$end) - time_to_double(result["bw"]$begin);
                                                intervl = intervl < 1 ? 1 : intervl;
						local info : string =  fmt("{\"ts\":\"%s\",\"name\":\"%s\",\"bw\":%f, \"interval\":%f}", strftime("%T", current_time()), key$str, result["bw"]$sum/intervl*8, intervl);
						add temp[info];
                                         },
                                         $epoch_finished(ts: time) = {
						local f : file = open("/var/www/html/bw.json");
						write_file(f, "[");
						local len = |temp|;
						local i = 0;
						for(val in temp) {
							write_file(f, cat(val, i+1 < len ? "," : ""));
							++i;
						}
						write_file(f, "]");
						close(f);
						clear_table(temp);
					 }
                                        ]);
        }

function packet_delivered(c: connection, is_orig: bool, len: count)
{
        local is_local : bool = Site::is_local_addr(c$id$orig_h);
        SumStats::observe("bw", [$str=cat((is_local || is_orig) && !(is_local && is_orig) ? "out" : "in", "-0.0.0.0")], [$num=len]);

        if (is_orig) {
	        SumStats::observe("bw", [$str=cat("out-", c$id$orig_h)], [$num=len]);
                SumStats::observe("bw", [$str=cat("in-", c$id$resp_h)], [$num=len]);
                SumStats::observe("bw", [$str=cat("in-", c$id$resp_h, ":", c$id$resp_p)], [$num=len]);
                SumStats::observe("bw", [$str=cat(c$id$orig_h, "-", c$id$resp_h)], [$num=len]);
                SumStats::observe("bw", [$str=cat(c$id$orig_h, "-", c$id$resp_h, ":", c$id$resp_p)], [$num=len]);
        } else {
                SumStats::observe("bw", [$str=cat("in-", c$id$orig_h)], [$num=len]);
                SumStats::observe("bw", [$str=cat("out-", c$id$resp_h)], [$num=len]);
                SumStats::observe("bw", [$str=cat("out-", c$id$resp_h, ":", c$id$resp_p)], [$num=len]);
                SumStats::observe("bw", [$str=cat(c$id$resp_h, "-", c$id$orig_h)], [$num=len]);
                SumStats::observe("bw", [$str=cat(c$id$resp_h, ":", c$id$resp_p, "-", c$id$orig_h)], [$num=len]);
        }
}

event udp_contents(u: connection, is_orig: bool, contents: string)
{
        packet_delivered(u, is_orig, |contents|);
}

event tcp_packet(c: connection, is_orig: bool, flags: string, seq: count, ack: count, len: count, payload: string)
{
        packet_delivered(c, is_orig, len);
}
	@load base/frameworks/sumstats
	@load base/utils/site

	redef udp_content_deliver_all_orig = T;
	redef udp_content_deliver_all_resp = T;

	module BW;

	global temp : set[string];

	event bro_init()
	{
	local r1 = SumStats::Reducer($stream="bw", $apply=set(SumStats::SUM));

	SumStats::create([$name = "bw", $epoch = 5min, $reducers = set(r1),
	$epoch_result(ts: time, key: SumStats::Key, result: SumStats::Result) = {
	local intervl: double = time_to_double(result["bw"]$end) - time_to_double(result["bw"]$begin);
	intervl = intervl < 1 ? 1 : intervl;
	local info : string = fmt("{\"ts\":\"%s\",\"name\":\"%s\",\"bw\":%f, \"interval\":%f}", strftime("%T", current_time()), key$str, result["bw"]$sum/intervl*8, intervl);
	add temp[info];
	},
	$epoch_finished(ts: time) = {
	local f : file = open("/var/www/html/bw.json");
	write_file(f, "[");
	local len = \|temp\|;
	local i = 0;
	for(val in temp) {
	write_file(f, cat(val, i+1 < len ? "," : ""));
	++i;
	}
	write_file(f, "]");
	close(f);
	clear_table(temp);
	}
	]);
	}

	function packet_delivered(c: connection, is_orig: bool, len: count)
	{
	local is_local : bool = Site::is_local_addr(c$id$orig_h);
	SumStats::observe("bw", [$str=cat((is_local \|\| is_orig) && !(is_local && is_orig) ? "out" : "in", "-0.0.0.0")], [$num=len]);

	if (is_orig) {
	SumStats::observe("bw", [$str=cat("out-", c$id$orig_h)], [$num=len]);
	SumStats::observe("bw", [$str=cat("in-", c$id$resp_h)], [$num=len]);
	SumStats::observe("bw", [$str=cat("in-", c$id$resp_h, ":", c$id$resp_p)], [$num=len]);
	SumStats::observe("bw", [$str=cat(c$id$orig_h, "-", c$id$resp_h)], [$num=len]);
	SumStats::observe("bw", [$str=cat(c$id$orig_h, "-", c$id$resp_h, ":", c$id$resp_p)], [$num=len]);
	} else {
	SumStats::observe("bw", [$str=cat("in-", c$id$orig_h)], [$num=len]);
	SumStats::observe("bw", [$str=cat("out-", c$id$resp_h)], [$num=len]);
	SumStats::observe("bw", [$str=cat("out-", c$id$resp_h, ":", c$id$resp_p)], [$num=len]);
	SumStats::observe("bw", [$str=cat(c$id$resp_h, "-", c$id$orig_h)], [$num=len]);
	SumStats::observe("bw", [$str=cat(c$id$resp_h, ":", c$id$resp_p, "-", c$id$orig_h)], [$num=len]);
	}
	}

	event udp_contents(u: connection, is_orig: bool, contents: string)
	{
	packet_delivered(u, is_orig, \|contents\|);
	}

	event tcp_packet(c: connection, is_orig: bool, flags: string, seq: count, ack: count, len: count, payload: string)
	{
	packet_delivered(c, is_orig, len);
	}