[Bro] An assist with file extraction
jlay at slave-tothe-box.net
Fri Apr 17 13:40:59 PDT 2015
On 2015-04-17 02:20 PM, Seth Hall wrote:
>> On Apr 17, 2015, at 1:40 PM, James Lay <jlay at slave-tothe-box.net>
>> This appears to function ok....Office doc XML formats end up as zips,
>> which is fine by me.
> This will be fixed in 2.4. New xml Office files will be identified as
> application/vnd.openxmlformats-officedocument in case a better option
> wasn’t discovered. And, yes, those are the *actual* mime types for
> Office documents.
>> Also...I have bro log files zipped and rotated at midnight..is there
>> a way to include the extract_files directory in that rotation, or,
>> even better, have the extracted files go into a directory name with
>> say something like /mnt/backup/extract_files/04-16-16 and change per
> Please feel free to file a ticket. That would be a nice trick. :)
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
And one last bit....could I theoretically redef extract_files?
share/bro/base/files/extract/main.bro: const prefix =
I could always symlink that directory to a different drive but
eh....the more I can shove into the script the better. Thanks again.