[Bro] Bro regex documentation

Seth Hall seth at icir.org
Fri Jan 21 07:20:20 PST 2011


On Jan 21, 2011, at 10:04 AM, sridhar basam wrote:

> Yeah, those can be used together to see what I want. Wanted to see if there was something similar to the match function in gawk where the function returns an array of all of the variables you collect in your pattern. I didn't see anything like it.

The match function in gawk only seems to return the position of the beginning of the match?

I think the split_all function should work for what you are trying to do. Here's a note from the source code...

# For example, split_all("a-b--cd", /(\-)+/) returns {"a", "-", "b",
# "--", "cd"}: odd-indexed elements do not match the pattern
# and even-indexed ones do.

split_all will give you all of the things matching the split regex and the bits between the split regex. You can just look into the string_array for odd-numbered indexes if you want what didn't match as a separator and even if you want what did match.

  .Seth


