Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Bug in broctl netstats percentage calculation #423

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 3 comments

Comments

Projects
None yet
1 participant
This is incorrect:
        /opt/bro/bin/broctl netstats | tee /tmp/broctl-netstats | sed \
        's/[a-z]*=//g' | awk '{ drop =+ $4 ; link =+ $5 } \
        END { printf("%f\n", ((drop/NR) / (link/NR)) * 100) }'

Original issue reported on code.google.com by doug.bu...@gmail.com on 14 Nov 2013 at 4:46

Should probably be:
        /opt/bro/bin/broctl netstats > /tmp/broctl-netstats
        [ -s /tmp/broctl-netstats ] && cat /tmp/broctl-netstats | sed \
        's/[a-z]*=//g' | awk '{ drop += $4 ; link += $5 } \
        END { printf("%f\n", ((drop/NR) / (link/NR)) * 100) }'

Original comment by doug.bu...@gmail.com on 14 Nov 2013 at 4:47

  • Added labels: ****
  • Removed labels: ****
Fixed as follows:

        /opt/bro/bin/broctl netstats > /tmp/broctl-netstats
        if [ -s /tmp/broctl-netstats ]; then
                header "Bro netstats"
                echo -n "Average packet loss as percent across all Bro workers: "
                cat /tmp/broctl-netstats | sed \
                's/[a-z]*=//g' | awk '{ drop += $4 ; link += $5 } \
                END { printf("%f\n", ((drop/NR) / (link/NR)) * 100) }'
                echo
                cat /tmp/broctl-netstats
                echo
        fi

Original comment by doug.bu...@gmail.com on 15 Nov 2013 at 12:45

  • Added labels: ****
  • Removed labels: ****
Published:
http://blog.securityonion.net/2013/11/new-sostat-package-available.html

Original comment by doug.bu...@gmail.com on 15 Nov 2013 at 1:55

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment