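-- Sysdig chisel: sums the bytes moved on IPv4/IPv6 connections of
-- containerized processes, grouped by container, process, thread, L4 protocol,
-- server/client endpoint and direction (rx/tx). The totals are written as
-- tab-separated lines when the capture ends.

-- Chisel metadata; these globals are left as the original declared them.
description = "description";
short_description = "desc";
category = "Net";

args = {}

require "common"

-- Field handles returned by chisel.request_field(), keyed by a short alias.
local fields = {}
-- Ordered list of handles that make up the aggregation key (set in on_init).
local key_fields = {}
-- Accumulated byte counts, keyed by the tab-joined key_fields plus direction.
local stats = {}
-- Hostname of the capturing machine, filled in by on_capture_start().
local hostname
local DEBUG = false

-- Replace control characters (tab, newline, ...) so that a value taken from
-- the monitored workload (process or container name) cannot add columns or
-- rows to the tab-separated report.
local function tsv_safe(value)
  return (tostring(value):gsub("%c", "?"))
end

-- Render one field of the current event for the DEBUG trace line.
local function debug_str(handle)
  return (evt.field(handle) or "nil") .. " "
end

--- Request the event fields, set the snaplen and install the capture filter.
-- @treturn boolean always true
function on_init()
  local mapping = {
    isread = "evt.is_io_read",
    buflen = "evt.buflen",
    proc = "proc.name",
    pid = "proc.pid",
    tid = "thread.tid",
    container = "container.name",
    sip = "fd.sip",
    sport = "fd.sport",
    cip = "fd.cip",
    cport = "fd.cport",
    evt_type = "evt.type",
    proto = "fd.l4proto",
    lip = "fd.lip",
    -- on_event() reads fields.rip; the original never requested it, so the
    -- handle passed to evt.field() was nil.
    rip = "fd.rip",
  }

  for alias, field_name in pairs(mapping) do
    fields[alias] = chisel.request_field(field_name)
  end

  key_fields = {
    fields.container, fields.proc, fields.pid, fields.tid, fields.proto,
    fields.sip, fields.sport, fields.cip, fields.cport,
  }

  -- Only evt.buflen is summed; no payload bytes are read by this chisel.
  -- NOTE(review): confirm evt.buflen still reports the full I/O size when the
  -- snaplen is 0.
  sysdig.set_snaplen(0)

  -- I/O events on IPv4/IPv6 descriptors with both endpoints known, excluding
  -- events whose container.name is "host".
  chisel.set_filter("evt.is_io=true and (fd.type=ipv4 or fd.type=ipv6) and fd.rip exists and fd.lip exists and container.name!=host")

  return true
end

--- Add the buffer length of one I/O event to its connection/direction bucket.
-- @treturn boolean always true
function on_event()
  -- only capture connections of servers: skip the event unless the server IP
  -- equals the local or the remote IP of the descriptor
  local sip = evt.field(fields.sip)
  if not (evt.field(fields.lip) == sip or evt.field(fields.rip) == sip) then
    return true
  end

  local dir
  if evt.field(fields.isread) then
    dir = "rx"
  else
    dir = "tx"
  end

  if DEBUG then
    io.write("DEBUG: ",
      debug_str(fields.container),
      debug_str(fields.proc),
      debug_str(fields.pid),
      debug_str(fields.tid),
      debug_str(fields.proto),
      debug_str(fields.sip),
      debug_str(fields.sport),
      debug_str(fields.cip),
      debug_str(fields.cport),
      debug_str(fields.lip),
      dir, "\n")
  end

  local parts = {}
  for _, handle in ipairs(key_fields) do
    parts[#parts + 1] = tsv_safe(evt.field(handle))
  end
  parts[#parts + 1] = dir

  local key = table.concat(parts, "\t")
  stats[key] = (stats[key] or 0) + (evt.field(fields.buflen) or 0)

  return true
end

--- Report whether `str` begins with `prefix`.
-- The original measured an undefined name (`start`) instead of `prefix`, so
-- every call raised an error.
-- @tparam string str
-- @tparam string prefix
-- @treturn boolean
function string.starts(str, prefix)
  return string.sub(str, 1, string.len(prefix)) == prefix
end

--- Record the hostname of the capturing machine for the report.
-- @treturn boolean always true
function on_capture_start()
  hostname = sysdig.get_machine_info().hostname
  return true
end

--- Write one line per key: hostname, the key columns, direction, byte total.
function on_capture_end()
  for key, total in pairs(stats) do
    io.write(hostname, "\t", key, "\t", total, "\n")
  end
end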