# Per-remote-host connection tally for an offline trace.
#
# to run: bro -r tracefile ex2d.bro weird alarm
#
# For every originator that is not a local address, the script counts how
# many connections it started (new_connection) and how many of those were
# established (connection_established), then prints both figures when Bro
# shuts down. A remote host with many attempts and few established
# connections is a candidate for a closer look.

# need local_nets -- mysite is expected to define it; is_local_addr() is
# only meaningful once it is set.
@load mysite

# Established connections seen, local and remote originators alike.
global conn_count = 0;

# table to keep track of successful connections from each new remote host
global conn_per_orig: table[addr] of count &default=0;

# table to keep track of connection attempts from each new remote host
# NOTE(review): neither table expires entries. That is fine when reading a
# trace with -r; on live traffic an attribute such as &create_expire would
# be needed to bound memory.
global conn_attempt_per_orig: table[addr] of count &default=0;

# Print the overall total, then one line per remote originator.
# Iterates the attempts table, so hosts with zero established connections
# are still listed (conn_per_orig falls back to its &default of 0).
function print_results()
	{
	print fmt("\n Total number of connections: %d \n", conn_count);

	for ( host in conn_attempt_per_orig )
		print fmt("Connections from host %s: %d out of %d attempts",
			  host, conn_per_orig[host], conn_attempt_per_orig[host] );
	}

# Log one line per established connection and update the success counters.
# Fields: start time, duration, originator addr, responder addr,
# originator port, responder port, originator size, responder size.
# NOTE(review): duration and sizes are read when the connection is
# established, not when it closes, so they are presumably near zero here --
# confirm whether end-of-connection values were intended.
event connection_established(c: connection)
	{
	local endpoints = c$id;

	print fmt("%.6f %.6f %s %s %d %d %d %d ",
		  c$start_time, c$duration,
		  endpoints$orig_h, endpoints$resp_h,
		  endpoints$orig_p, endpoints$resp_p,
		  c$orig$size, c$resp$size);

	++conn_count;

	# only count remote hosts
	if ( is_local_addr(endpoints$orig_h) )
		return;

	++conn_per_orig[endpoints$orig_h];
	}

# Count one attempt for the originator of every new connection.
# NOTE(review): if new_connection also fires for non-TCP flows, those can
# never reach connection_established and will lower the reported ratio --
# confirm against the Bro version in use.
event new_connection(c: connection)
	{
	local remote = c$id$orig_h;

	# only count remote hosts
	if ( is_local_addr(remote) )
		return;

	++conn_attempt_per_orig[remote];
	}

# Emit the summary once Bro has finished processing.
event bro_done()
	{
	print_results();
	}