Getting a "constant" value into a custom parser

Unanswered Question


I have written several custom parsers, all of which extract source/dest IP and port from raw messages. They're all working fine in that respect.

What I need is for the MARS to also parse out the "protocol" value, which isn't present in the messages as they apply exclusively to TCP traffic. Can I have the MARS match on some arbitrary string and put a constant into the "protocol" field, rather than attempt to parse it out from the raw message?

Many thanks,

