[Bro] An assist with file extraction

James Lay jlay at slave-tothe-box.net
Fri Apr 17 13:40:59 PDT 2015

On 2015-04-17 02:20 PM, Seth Hall wrote:
>> On Apr 17, 2015, at 1:40 PM, James Lay <jlay at slave-tothe-box.net> 
>> wrote:
>> This appears to function ok....Office doc XML formats end up as zips, 
>> which is fine by me.
> This will be fixed in 2.4.  New xml Office files will be identified 
> as....
> application/vnd.openxmlformats-officedocument.presentationml.presentation
> application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
> application/vnd.openxmlformats-officedocument.wordprocessingml.document
> and...
> application/vnd.openxmlformats-officedocument in case a better option
> wasn’t discovered.  And, yes, those are the *actual* mime types for MS
> Office documents.
>> Also...I have bro log files zipped and rotated at midnight..is there 
>> a way to include the extract_files directory in that rotation, or, 
>> even better, have the extracted files go into a directory name with 
>> say something like /mnt/backup/extract_files/04-16-16 and change per 
>> day?
> Please feel free to file a ticket.  That would be a nice trick. :)
> 	http://tracker.bro.org
>   .Seth
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/

And one last bit....could I theoretically redef extract_files?

share/bro/base/files/extract/main.bro:  const prefix = "./extract_files/" &redef;

I could always symlink that directory to a different drive but 
eh....the more I can shove into the script the better.  Thanks again.
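
Added example, not part of the original post and not Bro's own tooling: one way to get the per-day directories asked about above from outside Bro, with a script run next to the midnight log rotation. The function name, the argument layout and the MM-DD-YY naming (modelled on the 04-16-16 example) are assumptions, and `date -r FILE` assumes GNU or BusyBox date.

```shell
#!/bin/sh
# Added example: sort Bro's extracted files into per-day directories.
# Usage (paths are placeholders):
#   rotate_extract.sh /path/to/extract_files /mnt/backup/extract_files

# rotate_extracted SRC DEST_ROOT
# Moves each regular file in SRC that was last modified before today into
# DEST_ROOT/MM-DD-YY (the day of its mtime) and prints how many were moved.
# The body runs in a subshell so its variables stay private to the function.
rotate_extracted() (
    src=$1
    dest_root=$2
    moved=0
    today=$(date +%m-%d-%y)
    [ -d "$src" ] || { echo "no such directory: $src" >&2; exit 1; }

    for f in "$src"/*; do
        # Extracted content is untrusted: skip symlinks and anything that is
        # not a plain file. An empty directory leaves the glob unmatched.
        [ -L "$f" ] && continue
        [ -f "$f" ] || continue

        day=$(date -r "$f" +%m-%d-%y)      # -r FILE: use the file's mtime
        # Files from today may still be open in the extract analyzer.
        [ "$day" = "$today" ] && continue

        # Group-readable only; extracted files can be live malware samples.
        mkdir -p -m 0750 "$dest_root/$day"
        name=${f##*/}
        # Never overwrite an earlier extraction that has the same name.
        [ -e "$dest_root/$day/$name" ] && continue
        mv -- "$f" "$dest_root/$day/$name"
        moved=$((moved + 1))
    done
    echo "$moved"
)

# Only act when called with both paths, so sourcing the file has no effect.
if [ "$#" -eq 2 ]; then
    rotate_extracted "$1" "$2"
fi
```
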
