[Bro] BRO 2.4.1. extracted file handling
johanna at icir.org
Fri Mar 25 10:02:20 PDT 2016
On Mon, Mar 21, 2016 at 11:01:50AM -0400, john smith wrote:
> 1. Right now, all the extracted files are in ASCII format. Is there any
> easy way to save them in JSON?
The files are extracted in the way that they are encountered on the wire.
Bro does not do any processing on them. So - if they are ASCII, they are
written as ASCII.
> 2. Would it be possible to add an extracted file itself to file.log? If
> not, is there any way to copy the extracted file to a new log stream?
File extraction happens outside of the normal logging framework; there
currently is no easy way to copy extracted files to other log streams.
I hope this helps,
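
Added example, not part of the original message and not Bro code: a post-processing sketch that pairs files.log records with the raw extracted bytes and wraps them as JSON outside of Bro. It assumes files.log is written as one JSON object per line and that the `extracted` field names a file in the extraction directory; `wrap_extracted`, `demo` and all sample values are constructed for illustration.

```python
import base64, hashlib, json, os, tempfile

SAMPLE = b"%PDF-1.4\n\x00\xff constructed sample"  # constructed file content

def wrap_extracted(log_lines, extract_dir):
    """Pair each files.log record that names an extracted file with its raw bytes."""
    records = []
    for line in log_lines:
        if not line.strip():
            continue
        entry = json.loads(line)
        name = entry.get("extracted")
        if not name:
            continue  # file was logged but not extracted
        # Use the basename only so a log value cannot point outside extract_dir.
        path = os.path.join(extract_dir, os.path.basename(name))
        rec = {"fuid": entry.get("fuid"), "mime_type": entry.get("mime_type"),
               "extracted": name}
        try:
            with open(path, "rb") as fh:
                data = fh.read()
        except FileNotFoundError:
            rec["error"] = "missing on disk"
        else:
            # Bytes are kept exactly as written to disk; base64 makes them JSON-safe.
            rec["size"] = len(data)
            rec["sha256"] = hashlib.sha256(data).hexdigest()
            rec["content_b64"] = base64.b64encode(data).decode("ascii")
        records.append(rec)
    return records

def demo():
    """Run wrap_extracted over constructed log lines and one constructed file."""
    log_lines = [
        '{"fuid": "FCONSTRUCTED1", "mime_type": "application/pdf", "extracted": "extract-HTTP-FCONSTRUCTED1"}',
        '{"fuid": "FCONSTRUCTED2", "mime_type": "text/plain", "extracted": "extract-HTTP-FCONSTRUCTED2"}',
        '{"fuid": "FCONSTRUCTED3", "mime_type": "text/html"}',
    ]
    with tempfile.TemporaryDirectory() as extract_dir:
        with open(os.path.join(extract_dir, "extract-HTTP-FCONSTRUCTED1"), "wb") as fh:
            fh.write(SAMPLE)
        return wrap_extracted(log_lines, extract_dir)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```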