"to_string" ?

Hello,

I am creating a simple script to plot specific fields for different protocols counted and sorted.

Your suggestions and feedback will be highly appreciated. Its just a prototype for basic HTTP fields, but I am planning to include DNS,SMB,SMTP and SSL.

You can find the script here: https://github.com/eaam/Bro/blob/master/dissect.bro

On a side note, I am stuck upon a situation where I wanted to handle all incoming data as strings regardless of the original field type. (For example, I would like to treat HTTP STATUS CODE as a string and not count, the same for IP, Ports…etc). however, I could not find something like “to_string” function here

https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html .

to_addr: function | Converts a string to an addr. |

• | - |
  to_count: function | Converts a string to a count. |
  to_double: function | Converts a string to a double. |
  to_int: function | Converts a string to an int. |
  to_port: function | Converts a string to a port. |
  to_subnet: function | Converts a string to a subnet. |

Am I missing something ?

Thanks in advance
Moh

You should be able to just use fmt().

mystring = fmt("%d",status_code);

Dop

And for one more alternative, which is used quite extensively in the Bro
base scripts - the cat function can convert basically anything into
strings.

https://www.bro.org/sphinx/scripts/base/bif/bro.bif.bro.html#id-cat

Johanna