[Bro] Filenames not extracted in files.log

Bob Probert bruisebrotherprobert at gmail.com
Wed Apr 30 06:47:43 PDT 2014

Thanks for the thoughtful replies Chuck and Seth.

I will add this field to my files log and name it "inferred_filename". For
everyone else on the list, I will forward this along when I'm finished.

Seth - I don't agree with your assumption that I don't want to see the
filename from the URL, I think that this is pretty relevant data,
especially when viewed from a security context. I do however agree that one
should definitely not "trust" the URL. This is the beauty of Bro - I can
add and remove this data at my discretion :-).

Thanks again!!

On Tue, Apr 29, 2014 at 8:16 PM, Seth Hall <seth at icir.org> wrote:

> On Apr 29, 2014, at 10:42 PM, Charles A. Fair <charles.fair at mac.com>
> wrote:
> > The file analysis framework does not annotate the original file names as
> I understand it.
> The file analysis framework itself doesn't do it.  Some of the protocol
> scripts poke forward into files transferred and annotate the files log with
> a file name if a suitable one was found.
>   .Seth
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140430/30655a17/attachment.html 

More information about the Bro mailing list