[Bro] BRO 2.4.1. extracted file handling

Johanna Amann johanna at icir.org
Fri Mar 25 10:02:20 PDT 2016


On Mon, Mar 21, 2016 at 11:01:50AM -0400, john smith wrote:
> 1. Right now, all the extracted files are in ASCII format. Is there any
> easy way to save them in JSON?

The files are extracted in the way that they are encountered on the wire.
Bro does not do any processing on them. So - if they are ASCII, they are
written as ASCII.

>  2. Would it be possible to add an extracted file itself to file.log? If
> not, is there any way to copy the extracted file to a new log stream?

File extraction happens outside of the normal logging framework; there
currently is no easy way to copy extracted files to other log streams.

I hope this helps,

