[Bro] select element of set of records
Azoff, Justin S
jazoff at illinois.edu
Tue Nov 15 13:55:50 PST 2016
> On Nov 15, 2016, at 4:46 PM, Reinhard Gentz <rgentz at asu.edu> wrote:
>
> The reason is that the creation of the set elements and sending them out might not happen at the same time and i do not know how how many elements I will have.
> The overall idea is that i make one element in the set for each ip address observed, that will have each the corresponding subelements a,b,c saved.
> If a critical condition occurs then send the record of that single ip (with the corresponding elements a,b,c) out to python for handling.
>
>
> Second from that I thought i can access the elements the following way but it does not work as expected, tell me what i am doing wrong:
> myrecord2[mytest($b="1")]$a #from myrecord2 take the set element record where b is "1" and from that return the content of a.
You don't want a set then, you want a table[string] of mytest and
mytable["1"] = mytest($b="1", a="2");
mytable["2"] = mytest($b="2", a="4");
...
mytable["1"]$a
or something similar.. It's hard to say without more information.. but you definitely do not want a set.
--
- Justin Azoff
More information about the Bro
mailing list