[Bro] "to_string" ?

Johanna Amann johanna at icir.org
Mon Jan 2 02:19:02 PST 2017


And for one more alternative, which is used quite extensively in the Bro
base scripts - the cat function can convert basically anything into
strings.

https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-cat

Johanna

On Sun, Jan 01, 2017 at 03:27:07PM -0600, Mike Dopheide wrote:
> You should be able to just use fmt().
> 
> mystring = fmt("%d",status_code);
> 
> Dop
> 
> 
> 
> On Sunday, January 1, 2017, M A <zaixer at gmail.com> wrote:
> 
> >
> > Hello,
> >
> > I am creating a simple script to plot specific fields for different
> > protocols counted and sorted.
> >
> > Your suggestions and feedback will be highly appreciated. Its just a
> > prototype for basic HTTP fields, but I am planning to include DNS,SMB,SMTP
> > and SSL.
> >
> > You can find the script here: https://github.com/eaam/
> > Bro/blob/master/dissect.bro
> >
> >
> > On a side note, I am stuck upon a situation where I wanted to handle all
> > incoming data as strings regardless of the original field type. (For
> > example, I would like to treat HTTP STATUS CODE as a string and not count,
> > the same for IP, Ports...etc). however, I could not find something like
> > "to_string" function here
> >
> > https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html .
> >
> > to_addr
> > <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_addr>
> > : function
> > <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts
> > a string
> > <https://www.bro.org/sphinx/script-reference/types.html#type-string> to
> > an addr <https://www.bro.org/sphinx/script-reference/types.html#type-addr>
> > .
> > to_count
> > <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_count>
> > : function
> > <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts
> > a string
> > <https://www.bro.org/sphinx/script-reference/types.html#type-string> to a
> > count <https://www.bro.org/sphinx/script-reference/types.html#type-count>.
> > to_double
> > <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_double>
> > : function
> > <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts
> > a string
> > <https://www.bro.org/sphinx/script-reference/types.html#type-string> to a
> > double
> > <https://www.bro.org/sphinx/script-reference/types.html#type-double>.
> > to_int
> > <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_int>:
> > function
> > <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts
> > a string
> > <https://www.bro.org/sphinx/script-reference/types.html#type-string> to
> > an int <https://www.bro.org/sphinx/script-reference/types.html#type-int>.
> > to_port
> > <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_port>
> > : function
> > <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts
> > a string
> > <https://www.bro.org/sphinx/script-reference/types.html#type-string> to a
> > port <https://www.bro.org/sphinx/script-reference/types.html#type-port>.
> > to_subnet
> > <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_subnet>
> > : function
> > <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts
> > a string
> > <https://www.bro.org/sphinx/script-reference/types.html#type-string> to a
> > subnet
> > <https://www.bro.org/sphinx/script-reference/types.html#type-subnet>.
> > Am I missing something ?
> >
> > Thanks in advance
> > Moh
> >
> >

> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro



More information about the Bro mailing list