[Bro] ANALYZER_* resolution

Justin Thomas justin at justinthomas.name
Fri Dec 7 21:09:39 PST 2012


I'll get the hang of this one way or another; thanks for the pointer.

On Fri, Dec 7, 2012 at 6:33 PM, Seth Hall <seth at icir.org> wrote:

>
> On Dec 7, 2012, at 8:35 PM, Justin Thomas <justin at justinthomas.name>
> wrote:
>
> > Instead of that "13" at the end, I want "ANALYZE_HTTP". But obviously, I
> > don't want to just make that association manually - I'm sure there must be
> > a way to get the analyzer name programmatically, I just can't seem to find
> > it.
>
> ## Translate an analyzer type to an ASCII string.
> ##
> ## aid: The analyzer ID.
> ##
> ## Returns: The analyzer *aid* as string.
> ##
> ## .. bro:see:: expect_connection disable_analyzer current_analyzer
> function analyzer_name%(aid: count%) : string
>
> That should work.
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
>