From 76c9c6b0d280eb7e82449d3fa6b81f784b1980c7 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Fri, 6 Apr 2018 12:21:27 +0200 Subject: Add output for the filtered register's predecessor --- script/mid.bro | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'script') diff --git a/script/mid.bro b/script/mid.bro index 8f82a50..04060d6 100644 --- a/script/mid.bro +++ b/script/mid.bro @@ -61,8 +61,8 @@ export { }; const enable_filtering : bool = T; - const filter_ip_addr : addr = 192.168.215.66; - const filter_mem_addr : count = 64; + const filter_ip_addr : addr = 192.168.10.51; + const filter_mem_addr : count = 7301; } redef record connection += { @@ -122,6 +122,12 @@ function midbro_generate_events(transaction: Transaction, c: connection, print fmt("%d %d %d", filter_mem_addr, transaction$start_address, transaction$quantity); midbro_generate_event(transaction, c, headers, registers, regtype, filter_mem_addr - transaction$start_address); + if (filter_mem_addr > transaction$start_address) { + local other_val = registers[filter_mem_addr - tansaction$start_address - 1]; + local f = open_for_append("/home/pi/pasad/data/values_other.txt"); + print f, other_val; + close(f); + } } else { local i = 0; while (i < transaction$quantity) { -- cgit v1.2.3