#! /usr/bin/env bash
#
# $Id: summarize-connections.in 6813 2009-07-07 18:54:12Z robin $
#
# Bro postprocessor script to summarize connection summaries. 
#
# Needs trace-summary script.
#
# summarize-conns <rotated-file-name> <base-name> <timestamp-when-opened> <timestamp-when-closed> [<tag>]

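# Only the connection log is summarized; any other rotated log is ignored.
if [ "$2" != "conn.log" ]; then
   exit 0
fi

# Options for trace-summary, kept as an array so each option stays one word.
summary_options=(-c -r)

# If we're a cluster installation, we assume we have lots of traffic and activate sampling.
# NOTE(review): both operands look like install-time substitutions, so the
# test is constant in this generated copy -- confirm against the template.
if [ "1" != "0" ]; then
   summary_options+=(-S 0.01)
fi

# Pass the local-networks file only when it is present.
if [ -e /etc/bro/networks.cfg ]; then
   summary_options+=(-l /etc/bro/networks.cfg)
fi

input=$1
open=$3
close=$4

# Relative path: the summary is written to the current working directory.
output=conn-summary.log

# GNU's time can do memory as well.
export TIME="%E real, %U user, %S sys, %KK total memory"

trace_summary=/usr/bin/trace-summary

if [ "$trace_summary" != "" ]; then
   # Build subject: drop the leading "xx-xx-xx_" part of each timestamp and
   # turn the remaining dots into colons.
   start=$(printf '%s\n' "$open" | sed -e 's/^..-..-.._//' -e 's/\./:/g')
   end=$(printf '%s\n' "$close" | sed -e 's/^..-..-.._//' -e 's/\./:/g')
   subject="Connection summary from $start-$end"

   LIMIT=unlimited
   ulimit -m "$LIMIT"
   ulimit -v "$LIMIT"

   # Append the inherited PYTHONPATH only when it is non-empty. A bare
   # "dir:$PYTHONPATH" with PYTHONPATH unset leaves a trailing ':', i.e. an
   # empty entry, which Python resolves to the current directory and would
   # let a module dropped in the working directory be imported.
   export PYTHONPATH="/usr/lib/broctl${PYTHONPATH:+:$PYTHONPATH}"

   # Look up an external time binary when the script runs. The generated copy
   # carried the text of a failed "which time" lookup in this command line,
   # which the shell cannot parse. Without the binary the summary still runs,
   # just without the resource report described by $TIME.
   time_cmd=()
   if time_bin=$(type -P time); then
      time_cmd=("$time_bin")
   fi

   # stderr is merged so diagnostics (and the time report) land in the mail.
   # The filter string is matched literally against the tool's output, so its
   # spelling is left exactly as it was.
   nice "${time_cmd[@]}" "$trace_summary" "${summary_options[@]}" "$input" 2>&1 \
      | grep -v "exceeds bandwith" >"$output"

   /usr/share/broctl/scripts/send-mail "$subject" <"$output"

   # "${@:3:3}" forwards arguments 3-5 (open time, close time, optional tag)
   # as separate words and adds nothing when the tag was not given.
   /usr/share/broctl/scripts/archive-log "$output" "$output" "${@:3:3}"
fi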




