Counter Group

Creates a new counter group and associated meters.

Table countergroup

The table countergroup has three sections

  1. control — the GUID (unique ID of new counter group), name, and description
  2. meters — the meters and their variable types
  3. keyinfo — fixed key mappings

Structure

Table countergroup

name description
table control called when a new flow starts. Examine the flow tuples and determine if you are interested in reassembly.
table meters Called for every chunk of newly reassembled raw bytes
table keyinfo Called when a new flow is established

Table control

The control table assigns a unique GUID to the counter group and attaches it to a particular layer in the network protocol stack.

guid string A unique guid that identifies the group. See section on GUIDs
name string Name of the counter group. Keep it short < 15 chars
description string A slightly longer description , it will appear in the Admin user interface
bucketsize number Resolution of the counter group for all meters in seconds. If you are not sure, just use the value 60 for the default bucket size of 60 seconds
resolver_guid Optional string GUID of a another counter group which will be used to resolve the keys of this new counter group into labels and readable names. For example if you are creating a new counter group that uses IP addresses you can set resolver_guid to that of Hosts {4CD742B1-C1CA-4708-BE78-0FCA2EB01A86} See Well known GUIDS

Table meters

Every counter group can house upto 16 different meters. This section defines each of them.

The meters section is an “array of arrays”, The typical format is the following


meters = {
    {  0, T.K.vartype.RATE_COUNTER, 10, 0, "Bytes",   "bytes" ,   "B" },
    {  1, T.K.vartype.COUNTER,      10, 0, "Packets", "packets",  "Pkts" },
    ..
},

Each meter line defines the following

0 Meter ID must start from 0
1 Vartype type of meter, see the global named T.k.vartype
2 Top-N size how many toppers do you want to track for the this metric. Can be changed from the GUI
3 Bottom-N size how many bottom-K do you want to track for this metric. Can be changed from the GUI
4 Name Meter name (keep it short < 10 chars)
5 Description what does it track. Make sure you fill this out, it is shown in the GUI prominently
6 Units Suffix for units, must be compatible with K, M, G for Kilo, Mega, Giga etc. Example Bps for Bytes/sec bps for bits/sec, msgs for messages

Table keyinfo

This is an optional section if you have a Key → Label mapping.

Each entity being monitored in a counter group is identified by a key string. You are responsible for creating these key strings. The keyinfo table maps these keystrings into user friendly display labels. The web UI shows these labels instead of the raw keys.

Format

The keyinfo “table” is an array of { key, label }

key
string
label
string

  keyinfo = {
    {"14/00","change_cipher_spec"},
    {"15/00","alert"},
    {"16/00","hello_request"},
  ..
  }