[Bro] adding date into file extraction directory

김희철 hckim at narusec.com
Thu Jun 13 03:30:17 PDT 2013


I made a change to local.bro to do HTTP file extraction
and set the saving directory to ../files/http/file-http.

The problem is that there are too many files in the http directory.

So is there a way to automatically make a date directory under http,

../files/http/today's date/file-http

where the date changes automatically?

I used the commands:
redef HTTP::extract_file_types = /application\/.*/;
redef HTTP::extraction_prefix = "../files/http/file-http";

Thank you.
