[Bro] An assist with file extraction

Seth Hall seth at icir.org
Fri Apr 17 13:20:57 PDT 2015

> On Apr 17, 2015, at 1:40 PM, James Lay <jlay at slave-tothe-box.net> wrote:
> This appears to function ok... Office doc XML formats end up as zips, which is fine by me.

This will be fixed in 2.4.  New XML Office files will be identified as....

application/vnd.openxmlformats-officedocument in case a better option wasn’t discovered.  And, yes, those are the *actual* mime types for MS Office documents.

> Also... I have Bro log files zipped and rotated at midnight. Is there a way to include the extract_files directory in that rotation, or, even better, have the extracted files go into a directory named with, say, something like /mnt/backup/extract_files/04-16-16 and change per day?

Please feel free to file a ticket.  That would be a nice trick. :)


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
