[Bro] Record use

Michael Black mdblack98 at yahoo.com
Thu Jun 25 11:21:22 PDT 2015


I'm trying to keep a count of total bytes between IP pairs.
type Bandwidth: record {
	pair: string &log;
	bytesIn: count &log;
	bytesOut: count &log;
};
global bandwidth: set[Bandwidth];

If all I have in the record is just "pair" this works OK.
local mypair = fmt("%s,%s",c$id$orig_h,c$id$resp_h);
local thispair: Bandwidth;
thispair$pair = mypair;
if (thispair in bandwidth) {
	# ..do stuff
}
else {
	add bandwidth[thispair];
}


But if I add the bytes In/Out to the record and thispair, it never finds
thispair in bandwidth, as though it's looking for a match on bytes too.
I assume there's a simple solution.

Can't seem to find a reference on the syntax.

Thanks
Mike
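
An added example, not part of the original post: membership in a set[Bandwidth] compares the whole record value, counters included, so a record with different byte counts is treated as a different element. One way to key on the pair alone is a table indexed by the pair string that yields the counters. The choice of the connection_state_remove event and the mapping of originator bytes to bytesOut are assumptions made for this sketch.

```bro
# Added example, not code from the original post.
# The pair string becomes the table index, so the record holds only the counters.
type Bandwidth: record {
	bytesIn: count &default=0 &log;
	bytesOut: count &default=0 &log;
};

# Lookup is by pair string only; the counters play no part in matching.
global bandwidth: table[string] of Bandwidth;

# Assumption: totals are updated once per connection, when it is removed from state.
event connection_state_remove(c: connection)
	{
	local mypair = fmt("%s,%s", c$id$orig_h, c$id$resp_h);

	if ( mypair !in bandwidth )
		bandwidth[mypair] = Bandwidth();

	# Records are reference types, so updating b updates the table entry.
	local b = bandwidth[mypair];

	# Assumption: "out" is payload sent by the originator, "in" is payload sent by the responder.
	b$bytesOut += c$orig$size;
	b$bytesIn += c$resp$size;
	}

event bro_done()
	{
	for ( p in bandwidth )
		print fmt("%s in=%d out=%d", p, bandwidth[p]$bytesIn, bandwidth[p]$bytesOut);
	}
```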



