[Bro-Dev] template language
Seth Hall
seth at icir.org
Fri Mar 18 19:22:44 PDT 2011
I know some of you will laugh about this feature request, but I'm going to ask for it anyway. :)
I would like a BiF (or something) that would implement a minimal template language. If it used the state tracking records to pull field values from, that would be even better! I'll give an example...
type Log: record {
	a: count;
	b: string;
	c: addr;
};
global abc: Log = [$a=1, $b="test", $c=1.2.3.4];
print template_fmt("{{a}}-{{b}}-{{c}}", abc);
This would print...
1-test-1.2.3.4
I already want to use something like this to implement file extraction one-liners so that people can arbitrarily name extracted files from the command line like this:
bro -r traffic.trace -e "HTTP_Extract::file_types=/application.*/ HTTP_Extract::file_name_template=\"{{id}}-{{url}}-{{filename}}.exe\"" http-extract
I think it would be useful in other ways too. Especially if we end up moving to these state records that have a lot of data in them.
Any thoughts?
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
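
Added example, not part of the original message and not Bro code: a Python sketch of the `{{field}}` substitution proposed above, extended to the file-naming use case. Fields such as `url` and `filename` come from network traffic, so each value is reduced to a safe filename component before substitution; the helper names other than `template_fmt`, the allowed-character policy and the sample records are assumptions.

```python
import re

# Matches {{name}} placeholders, as in the message's template_fmt example.
_PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
# Anything outside this set is replaced in a filename component (assumed policy).
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def template_fmt(template, record):
    """Replace each {{field}} with str(record[field]); unknown fields raise KeyError."""
    def sub(match):
        name = match.group(1)
        if name not in record:
            raise KeyError("template references unknown field: " + name)
        return str(record[name])
    return _PLACEHOLDER.sub(sub, template)


def safe_component(value, max_len=64):
    """Reduce a traffic-derived value to characters safe inside one file name."""
    cleaned = _UNSAFE.sub("_", str(value)).lstrip(".")
    return cleaned[:max_len] or "_"


def filename_from_template(template, record):
    """Render a file name template, sanitizing every field before substitution."""
    cleaned = {key: safe_component(value) for key, value in record.items()}
    name = template_fmt(template, cleaned)
    # The literal template text comes from the operator, but it must still
    # yield a single file name rather than a path.
    if "/" in name or "\\" in name or name in (".", ".."):
        raise ValueError("template produced a path, not a file name: " + name)
    return name


# Constructed sample records, not real traffic.
LOG = {"a": 1, "b": "test", "c": "1.2.3.4"}
HTTP = {"id": "conn1", "url": "/a/../../b?x=1", "filename": "..\\setup"}

if __name__ == "__main__":
    print(template_fmt("{{a}}-{{b}}-{{c}}", LOG))
    print(filename_from_template("{{id}}-{{url}}-{{filename}}.exe", HTTP))
```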