[Bro] ANALYZER_* resolution
Seth Hall
seth at icir.org
Fri Dec 7 18:33:43 PST 2012
On Dec 7, 2012, at 8:35 PM, Justin Thomas <justin at justinthomas.name> wrote:
> Instead of that "13" at the end, I want "ANALYZE_HTTP". But obviously, I don't want to just make that association manually - I'm sure there must be a way to get the analyzer name programmatically, I just can't seem to find it.
## Translate an analyzer type to an ASCII string.
##
## aid: The analyzer ID.
##
## Returns: The analyzer *aid* as string.
##
## .. bro:see:: expect_connection disable_analyzer current_analyzer
function analyzer_name%(aid: count%) : string
That should work.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list