Hi,
I’ve been trying to use the stats framework on PCAP but the logs were always off by several packets (depending on the size of the trace). The numbers match up when I moved the code

    if ( zeek_is_terminating() )
        return;

to the end of stats.zeek as follows:

    Log::write(Stats::LOG, info);
    if ( zeek_is_terminating() )
        return;
    schedule report_interval { check_stats(nettime, ns, cs, ps, es, rs, ts, fs, ds) };

Can someone verify that this is correct? I’m wondering if this edit will mess with live traffic stats.
Thanks!
Brittany Donowho