[Bro] File Extraction: doc/xls=ok, docx/xlsx=ko

Seth Hall seth at icir.org
Thu Feb 18 05:46:25 PST 2016


> On Feb 18, 2016, at 3:24 AM, puntogtg at tiscali.it wrote:
> 
>       local fname = fmt("/bro/extracted/%s.%s", f$info$filename, ext);
>            Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
>            break;

Add this outside of any event handler:

redef FileExtract::prefix = "/bro/extracted/";

Then change the code you gave to:

	local fname = fmt("%s.%s", f$info$filename, ext);
	Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
	break;

 .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



