[Bro] How to use the source address as the vector index

Qinwen Hu qhu009 at aucklanduni.ac.nz
Sat Mar 8 18:58:43 PST 2014


Dear all,

My name is Steven, and I am a new Bro user. Recently, I have been working on
a project which requires Bro to save the payload into a vector and use the
packet's source address as the index.

So I have defined the vector

redef record connection += {
        dns:       Info  &optional;
        dns_state: State &optional;
        v1:        vector of string &optional;
};

and I try to use

c$v1[c$id$orig_h] = query;


I notice that the vector index is an integer, so how can I convert
c$id$orig_h into an integer?

All suggestions are welcome. Many thanks.

Regards,

Steven
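
An added example, not part of the original post: rather than converting the address to an integer, this sketch swaps the vector for a table indexed by `addr`, with each entry holding a vector of query strings. The module name `QueryBySrc`, the names `queries_by_src` and `max_per_src`, and the 10-minute expiry are assumptions chosen for illustration.

```bro
# Added example; QueryBySrc, queries_by_src and max_per_src are hypothetical names.
module QueryBySrc;

export {
	# Cap on stored queries per source, so one noisy host cannot
	# grow the script's state without bound.
	const max_per_src = 1000 &redef;
}

# A vector is indexed by count only; a table can be indexed by addr directly.
# Entries expire 10 minutes after creation to bound memory use.
global queries_by_src: table[addr] of vector of string &create_expire=10min;

event dns_request(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count)
	{
	local src = c$id$orig_h;

	# First query seen from this source: start with an empty vector.
	if ( src !in queries_by_src )
		{
		local empty: vector of string = vector();
		queries_by_src[src] = empty;
		}

	# Append at index |v|, the current length of the vector.
	if ( |queries_by_src[src]| < max_per_src )
		queries_by_src[src][|queries_by_src[src]|] = query;
	}

event bro_done()
	{
	# Summarise what was collected per source address.
	for ( src in queries_by_src )
		print fmt("%s sent %d queries", src, |queries_by_src[src]|);
	}
```

The state is kept in a global table rather than on the `connection` record because `c$id$orig_h` is the same for every packet of a given connection, so a per-connection field indexed by it would only ever hold one entry.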