xmas_schema = library_schema:new( 1, ["time", "ip", "integer", "ip", 
                                         "integer", "string" ], scope() );

filter xmas ip ( )  {

     if (tcp.hdr){
       $dabyte = byte(ip.blob, 13);
       # if SFAURP are all set this is nothing but a malicious packet
       if (!($dabyte ^ 63 )){
         record system.time, ip.src, tcp.sport, ip.dest, tcp.dport, "UAPRSF"
           to xmas_recorder;
         return;
       }

     }
}

xmas_recorder=recorder( "bin/histogram packages/test/xmastree.cfg",
	"xmas_schema"  );