[Bro] "to_string" ?
M A
zaixer at gmail.com
Sun Jan 1 12:29:14 PST 2017
Hello,
I am creating a simple script to plot specific fields for different
protocols counted and sorted.
Your suggestions and feedback will be highly appreciated. It's just a
prototype for basic HTTP fields, but I am planning to include DNS, SMB, SMTP
and SSL.
You can find the script here:
https://github.com/eaam/Bro/blob/master/dissect.bro
On a side note, I am stuck upon a situation where I wanted to handle all
incoming data as strings regardless of the original field type. (For
example, I would like to treat HTTP STATUS CODE as a string and not count,
the same for IP, Ports, etc.). However, I could not find something like
"to_string" function here
https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html .
to_addr <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_addr>: function <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts a string <https://www.bro.org/sphinx/script-reference/types.html#type-string> to an addr <https://www.bro.org/sphinx/script-reference/types.html#type-addr>.
to_count <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_count>: function <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts a string <https://www.bro.org/sphinx/script-reference/types.html#type-string> to a count <https://www.bro.org/sphinx/script-reference/types.html#type-count>.
to_double <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_double>: function <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts a string <https://www.bro.org/sphinx/script-reference/types.html#type-string> to a double <https://www.bro.org/sphinx/script-reference/types.html#type-double>.
to_int <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_int>: function <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts a string <https://www.bro.org/sphinx/script-reference/types.html#type-string> to an int <https://www.bro.org/sphinx/script-reference/types.html#type-int>.
to_port <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_port>: function <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts a string <https://www.bro.org/sphinx/script-reference/types.html#type-string> to a port <https://www.bro.org/sphinx/script-reference/types.html#type-port>.
to_subnet <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_subnet>: function <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts a string <https://www.bro.org/sphinx/script-reference/types.html#type-string> to a subnet <https://www.bro.org/sphinx/script-reference/types.html#type-subnet>.
Am I missing something?
Thanks in advance
Moh