[Bro] File Extraction: doc/xls=ok, docx/xlsx=ko

puntogtg at tiscali.it puntogtg at tiscali.it
Fri Feb 19 06:54:23 PST 2016

I added but tells me 

identifier not defined: fa_metadata

19.02.2016 15:17 Seth Hall ha scritto: 

>> On Feb 19, 2016, at 3:05 AM,
puntogtg at tiscali.it [1] wrote: Of course the user has rights to write in
that folder and the folder exist, in fact with previous conf everything
is ok, apart the name of the files..
> Ugh, I just realized the
> if ( f?$mime_type )
> ext = ext_map[f$mime_type];
That code can't work in the file_new event. In Bro 2.4, there is a new
event named file_sniff. It's at the point where some content from the
file has been seen and Bro has had a chance to look at it and take a
guess about the file type. You aren't seeing any file extraction because
you have a return statement that's returning if there is no known file
extension (which there isn't at that point!).
> event file_sniff(f:
fa_file, meta: fa_metadata)
> {
> if ( meta?$mime_type )
> {
> # put
your code here...
> }
> }
> .Seth
> --
> Seth Hall
> International
Computer Science Institute
> (Bro) because everyone has a network
http://www.bro.org/ [2]

Connetti gratis il mondo con la nuova indoona:  hai la chat, le chiamate, le video chiamate e persino le chiamate di gruppo.
E chiami gratis anche i numeri fissi e mobili nel mondo!
Scarica subito l’app Vai su https://www.indoona.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160219/e7b64e14/attachment.html 

More information about the Bro mailing list