[Bro] identifying bro peers
mel at hackinthebox.org
Thu Oct 16 00:16:12 PDT 2008
Seth Hall wrote:
> The peer_description variable is what you're looking for and the
> prefixed_id function which helps with using it.
> # Prepend the peer description, if set.
> function prefixed_id(id: count): string
> if ( peer_description == "" )
> return fmt("%s", id);
> return cat(peer_description, "-", id);
> You give it a "count" and it will prepend the name of the peer where the
> currently handled event originated.
Thanks! Just what I need.
More information about the Bro