[Bro] table of record type

Bernhard Amann bernhard at ICSI.Berkeley.EDU
Thu Dec 26 08:54:07 PST 2013


Hi,

you can populate the table by using…

> hosts[c$id$orig_h] = [$bytes=+0, $stime=network_time()];

You used one set of [] to many (the table contains a plain record). Furthermore,
positive numbers are counts by default - if you specify them explicitly you have
to prefix them with + to tell Bro to use an integer type instead.

Bernhard

On Dec 26, 2013, at 5:26 PM, Kellogg, Brian D (OLN) <bkellogg at dresser-rand.com> wrote:

> type host_type: record {
> bytes: int;
> stime: time;
> };
> 
> type hostTable: table[addr] of host_type;
> 
> global hosts: hostTable;
> 
> I've create the above structure, but I haven't a clue on the syntax to dynamically populate it.  I've tried the below with no success.
> 
> hosts[c$id$orig_h] = [[$bytes=0, $stime=network_time()]];
> 
> 
> 
> Thank you,
> Brian
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro





More information about the Bro mailing list