[Bro] select element of set of records

Reinhard Gentz rgentz at asu.edu
Tue Nov 15 15:27:09 PST 2016


Thank you for your input. The conversion to tables did what I wanted. Thanks

As a side effort to this project I made a bro2rabbitmq script that can take
any data from bro and send it out to rabbitmq via broker. Once fully
finished I will upload it to GitHub...

On Tue, Nov 15, 2016 at 2:55 PM, Azoff, Justin S <jazoff at illinois.edu>
wrote:

>
> > On Nov 15, 2016, at 4:46 PM, Reinhard Gentz <rgentz at asu.edu> wrote:
> >
> > The reason is that the creation of the set elements and sending them out
> > might not happen at the same time and I do not know how many elements I
> > will have.
> > The overall idea is that I make one element in the set for each IP
> > address observed, that will have each the corresponding subelements a,b,c
> > saved.
> > If a critical condition occurs then send the record of that single IP
> > (with the corresponding elements a,b,c) out to python for handling.
> >
> >
> > Second from that I thought I can access the elements the following way
> > but it does not work as expected, tell me what I am doing wrong:
> > myrecord2[mytest($b="1")]$a   # from myrecord2 take the set element record where b is "1" and from that return the content of a.
>
> You don't want a set then, you want a table[string] of mytest and
>
> mytable["1"] = mytest($b="1", $a="2");
> mytable["2"] = mytest($b="2", $a="4");
> ...
> mytable["1"]$a
>
> or something similar.. It's hard to say without more information.. but you
> definitely do not want a set.
>
> --
> - Justin Azoff
>
>
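
The table-based layout suggested in the quoted reply, written out as an added Bro script example that is not part of the original thread. The meanings given to the fields a, b, c, the threshold `critical_conns` and the event `critical_host` are assumptions; forwarding the event to Python over Broker is left out.

```bro
# Added example: per-host state kept in a table keyed by address instead of a set.
# Field names a, b, c follow the thread; what they hold here is assumed.
type mytest: record {
    a: count &default=0;   # assumed: connections seen from this host
    b: port &optional;     # assumed: last responder port contacted
    c: time &optional;     # assumed: time the host was first observed
};

# One entry per observed IP. Entries not written to for an hour expire,
# so the table does not grow without bound.
global hosts: table[addr] of mytest &write_expire=1hr;

# Hypothetical threshold standing in for the "critical condition".
const critical_conns = 100 &redef;

# Hypothetical event that carries the single host's record to its consumer.
global critical_host: event(ip: addr, rec: mytest);

event connection_established(c: connection)
    {
    local ip = c$id$orig_h;

    # Create the element on first sight; the number of hosts need not be known up front.
    if ( ip !in hosts )
        hosts[ip] = mytest($c=network_time());

    # Records are reference types, so updating rec updates the table entry.
    local rec = hosts[ip];
    ++rec$a;
    rec$b = c$id$resp_p;

    if ( rec$a >= critical_conns )
        {
        # Hand off only this host's record, then reset its state.
        event critical_host(ip, rec);
        delete hosts[ip];
        }
    }

event critical_host(ip: addr, rec: mytest)
    {
    print fmt("critical host %s: a=%d b=%s first_seen=%s", ip, rec$a, rec$b, rec$c);
    }
```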