[Bro] File name from fa_file
Nathan.Pigott at parsons.com
Tue Sep 29 10:08:01 PDT 2015
I'm having problems getting file names from fa_file - the field f$info$filename is showing up uninitialized on every single fa_file in all my tests. Is there a known reason why this would be happening? I'm using Bro 2.3, but I tested on 2.4 as well and got the same results.
Are there any alternative ways to get file names? For now I'm parsing the URL returned by Files::describe(f), but this does not work if the URL doesn't contain the file name, or if the file was transferred with a protocol other than HTTP.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro