[Bro] select element of set of records
rgentz at asu.edu
Tue Nov 15 15:27:09 PST 2016
Thank you for your input. The conversion to tables did what I wanted. Thanks.
As a side effort to this project I made a bro2rabbitmq script that can take
any data from Bro and send it out to RabbitMQ via Broker. Once fully
finished I will upload it to GitHub...
On Tue, Nov 15, 2016 at 2:55 PM, Azoff, Justin S <jazoff at illinois.edu>
> > On Nov 15, 2016, at 4:46 PM, Reinhard Gentz <rgentz at asu.edu> wrote:
> > The reason is that the creation of the set elements and sending them out might not happen at the same time and I do not know how many elements I will have.
> > The overall idea is that I make one element in the set for each IP address observed, each of which will have the corresponding subelements a, b, c.
> > If a critical condition occurs then send the record of that single IP (with the corresponding elements a, b, c) out to Python for handling.
> > Second, from that I thought I can access the elements the following way, but it does not work as expected; tell me what I am doing wrong:
> > myrecord2[mytest($b="1")]$a #from myrecord2 take the set element record where b is "1" and from that return the content of a.
> You don't want a set then, you want a table[string] of mytest and
> mytable["1"] = mytest($b="1", $a="2");
> mytable["2"] = mytest($b="2", $a="4");
> or something similar.. It's hard to say without more information.. but you
> definitely do not want a set.
> - Justin Azoff
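
The table-instead-of-set approach from this thread, as an added example that is not part of the original messages: one record per observed IP is kept in a table keyed by address, and only that IP's record is handed to an event when a critical condition is met. The field meanings, the threshold `critical_b` and the `critical_ip` event are assumptions made for illustration.

```bro
# Added example: field meanings, threshold and event name are assumptions.
type mytest: record {
    a: count;    # connections originated by this IP (assumed meaning)
    b: count;    # of those, rejected connections (assumed meaning)
    c: time;     # when the IP was first seen (assumed meaning)
};

# Keyed by IP, so the record for one address can be selected directly.
# Entries expire so the table cannot grow without bound.
global mytable: table[addr] of mytest &create_expire=1hr;

const critical_b = 20 &redef;

# Hypothetical hand-off point; the handler body is where an export would go.
global critical_ip: event(ip: addr, rec: mytest);

event connection_state_remove(c: connection)
    {
    local ip = c$id$orig_h;

    # Create the entry the first time this IP is seen.
    if ( ip !in mytable )
        mytable[ip] = mytest($a=0, $b=0, $c=network_time());

    # Records are references, so this updates the stored entry.
    local rec = mytable[ip];
    ++rec$a;
    if ( c?$conn && c$conn?$conn_state && c$conn$conn_state == "REJ" )
        ++rec$b;

    # Critical condition: send only this IP's record, then reset it.
    if ( rec$b >= critical_b )
        {
        event critical_ip(ip, rec);
        delete mytable[ip];
        }
    }

event critical_ip(ip: addr, rec: mytest)
    {
    print fmt("%s a=%d b=%d first_seen=%s", ip, rec$a, rec$b, rec$c);
    }
```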