[Bro] File extraction in different directories (maybe day vise)

fatema bannatwala fatema.bannatwala at gmail.com
Tue Nov 29 07:18:22 PST 2016


Thanks Stephen for the solution, finally got it working.

Fatema.

On Mon, Nov 28, 2016 at 2:46 PM, Hosom, Stephen M <hosom at battelle.org>
wrote:

> One of the arguments for attaching the file extraction analyzer is the
> filename that you want it to extract to. So long as you’re building this
> filename on the fly every time you attach the analyzer, you should be able
> to specify a different directory for every file—if you wished for such a
> thing.
>
>
>
> Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
>
> Where I have specified “fname”, just specify the string of the
> filename/path that you would like to store the file.
>
>
>
> *From:* bro-bounces at bro.org [mailto:bro-bounces at bro.org] *On Behalf Of* fatema bannatwala
> *Sent:* Monday, November 28, 2016 2:15 PM
> *To:* bro at bro.org
> *Subject:* [Bro] File extraction in different directories (maybe day vise)
>
>
>
> Hi,
>
>
>
> Just wanted to check in, so that I don't re-invent the wheel, is there any
> way, or if somebody has tried extracting the files in different
> directories, i.e. maybe in a daily directory (just like Bro logs the events in
> the day-wise directory)?
>
> Right now we have over thousands of files extracted in a single directory
> and it's getting harder to manage the one single directory to access the
> extracted files, hence was looking into the Bro logging framework so that I
> can steal some code from the event logging and rotation part for the file
> extraction script.
>
> Any other way around to it?
>
>
>
> Appreciate the help.
>
>
>
> Thanks,
>
> Fatema.
>
>
>
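
The suggestion above applied to the daily-directory question, as an added example in Bro script that is not part of the original thread. The module name `DailyExtract`, the helper `daily_name` and the set `made_dirs` are hypothetical, and the script assumes the extract analyzer does not create sub-directories under `FileExtract::prefix` by itself, so it creates them with `mkdir()`.

```bro
# Added example: extract every file into <FileExtract::prefix>/<YYYY-MM-DD>/.
@load base/files/extract
@load base/utils/paths

module DailyExtract;

export {
	## Hypothetical helper: returns "<YYYY-MM-DD>/<source>-<file id>",
	## a path relative to FileExtract::prefix.
	global daily_name: function(f: fa_file): string;
}

# Days whose directory this process has already created (hypothetical name).
global made_dirs: set[string];

function daily_name(f: fa_file): string
	{
	# network_time() follows packet timestamps, so a replayed pcap is
	# filed under the day of capture rather than the day of analysis.
	local day = strftime("%Y-%m-%d", network_time());

	if ( day !in made_dirs )
		{
		# Assumption: the target directory must exist before extraction.
		# mkdir() also returns T when the directory is already there.
		mkdir(FileExtract::prefix);
		if ( mkdir(build_path_compressed(FileExtract::prefix, day)) )
			add made_dirs[day];
		}

	# Build the name only from Bro-generated values (source analyzer and
	# file id), never from a filename carried in the traffic, so remote
	# input cannot steer the path outside the extraction directory.
	return fmt("%s/%s-%s", day, f$source, f$id);
	}

event file_new(f: fa_file)
	{
	# The filename is rebuilt on every attach, as the reply describes.
	local fname = daily_name(f);
	Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
	}
```

The relative path also appears in the `extracted` field of files.log, so an analyst can go from a log entry straight to the day's directory.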