Hello,
I have written several custom parsers, all of which extract source/dest IP and port from raw messages. They're all working fine in that respect.
What I need is for the MARS to also parse out the "protocol" value, which isn't present in the messages as they apply exclusively to TCP traffic. Can I have the MARS match on some arbitrary string and put a constant into the "protocol" field, rather than attempt to parse it out from the raw message?
Many thanks,
alec