Another clean up.

srunnels · May 31, 2012 · d225128 · d225128
1 parent b93e245
commit d225128
Showing 1 changed file with 20 additions and 24 deletions.
diff --git a/rdp.bro b/rdp.bro
@@ -1,35 +1,32 @@
+## Based off a script by Seth Hall
+
 redef signature_files += "rdp.sig";
 
 module RDP;
 
 export {
 
-	# This allows us to use RDP::LOG 
+    # This allows us to use RDP::LOG 
     redef enum Log::ID += { LOG };
 
     type Info: record {
-		ts:          time     &log;
-		uid:         string   &log;
-		id:          conn_id  &log;
-		# success:     bool     &log &default=F;
-
-		last_size:   count    &default=0;
-		last_check:  time     &default=network_time();
-        num_checks:  count    &default=0;
-        last_total:  count    &default=0;
-        byte_vector: vector of count &default = vector(0,0,0,0,0);
-        avg:         count    &log &default=0;
-		# humps_seen:  count    &default=0;
-		# plateau_measurements: count &default=0;
-		# last_seen:   string   &default="plateau";
-	};
+    ts:          time     &log;
+    uid:         string   &log;
+    id:          conn_id  &log;
+    last_size:   count    &default=0;
+    last_check:  time     &default=network_time();
+    num_checks:  count    &default=0;
+    last_total:  count    &default=0;
+    byte_vector: vector of count &default = vector(0,0,0,0,0);
+    avg:         count    &log &default=0;
+    };
 
-	## Amount of time to monitor a connection for the second hump of data.
-	const watch_for = 120secs;
+    # Amount of time to monitor a connection for the second hump of data.
+    const watch_for = 120secs;
 }
 
 redef record connection += { 
-	rdp: Info &optional;
+    rdp: Info &optional;
 };
 
 # Initialize the RDP logging stream
@@ -53,7 +50,6 @@ event dump_bytes(id: conn_id)
       c$rdp$byte_vector[2] = c$rdp$byte_vector[3];
       c$rdp$byte_vector[3] = c$rdp$byte_vector[4];
       c$rdp$byte_vector[4] = c$resp$num_bytes_ip - c$rdp$last_size;
-
       if (c$rdp$num_checks >= 4)
          {
          c$rdp$avg = (c$rdp$byte_vector[0] + c$rdp$byte_vector[1] + c$rdp$byte_vector[2] + c$rdp$byte_vector[3] + c$rdp$byte_vector[4] ) / 5;
@@ -67,7 +63,7 @@ event dump_bytes(id: conn_id)
 
 
 event signature_match(state: signature_state, msg: string, data: string)
-	{
-	state$conn$rdp = [$ts=network_time(), $uid=state$conn$uid, $id=state$conn$id];
-    event dump_bytes(state$conn$id);
-	}
+      {
+      state$conn$rdp = [$ts=network_time(), $uid=state$conn$uid, $id=state$conn$id];
+      event dump_bytes(state$conn$id);
+      }