[Bro] "to_string" ?
Mike Dopheide
dopheide at gmail.com
Sun Jan 1 13:27:07 PST 2017
You should be able to just use fmt().
mystring = fmt("%d",status_code);
Dop
On Sunday, January 1, 2017, M A <zaixer at gmail.com> wrote:
>
> Hello,
>
> I am creating a simple script to plot specific fields for different
> protocols counted and sorted.
>
> Your suggestions and feedback will be highly appreciated. Its just a
> prototype for basic HTTP fields, but I am planning to include DNS,SMB,SMTP
> and SSL.
>
> You can find the script here: https://github.com/eaam/
> Bro/blob/master/dissect.bro
>
>
> On a side note, I am stuck upon a situation where I wanted to handle all
> incoming data as strings regardless of the original field type. (For
> example, I would like to treat HTTP STATUS CODE as a string and not count,
> the same for IP, Ports...etc). however, I could not find something like
> "to_string" function here
>
> https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html .
>
> to_addr
> <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_addr>
> : function
> <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts
> a string
> <https://www.bro.org/sphinx/script-reference/types.html#type-string> to
> an addr <https://www.bro.org/sphinx/script-reference/types.html#type-addr>
> .
> to_count
> <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_count>
> : function
> <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts
> a string
> <https://www.bro.org/sphinx/script-reference/types.html#type-string> to a
> count <https://www.bro.org/sphinx/script-reference/types.html#type-count>.
> to_double
> <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_double>
> : function
> <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts
> a string
> <https://www.bro.org/sphinx/script-reference/types.html#type-string> to a
> double
> <https://www.bro.org/sphinx/script-reference/types.html#type-double>.
> to_int
> <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_int>:
> function
> <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts
> a string
> <https://www.bro.org/sphinx/script-reference/types.html#type-string> to
> an int <https://www.bro.org/sphinx/script-reference/types.html#type-int>.
> to_port
> <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_port>
> : function
> <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts
> a string
> <https://www.bro.org/sphinx/script-reference/types.html#type-string> to a
> port <https://www.bro.org/sphinx/script-reference/types.html#type-port>.
> to_subnet
> <https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-to_subnet>
> : function
> <https://www.bro.org/sphinx/script-reference/types.html#type-function> Converts
> a string
> <https://www.bro.org/sphinx/script-reference/types.html#type-string> to a
> subnet
> <https://www.bro.org/sphinx/script-reference/types.html#type-subnet>.
> Am I missing something ?
>
> Thanks in advance
> Moh
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170101/8212505a/attachment-0001.html
More information about the Bro
mailing list