[Bro-Dev] file analysis extraction analyzer

Seth Hall seth at icir.org
Wed Jun 26 06:47:48 PDT 2013


On Jun 26, 2013, at 9:39 AM, Seth Hall <seth at icir.org> wrote:

> event file_extract_end(f: fa_file, filename: string)


Sigh, I'm already reconsidering this.  There is no functional difference between this and the file_state_remove event except for the filename which I should have available elsewhere within the fa_file record.  Let me stew on this a bit more.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/




More information about the bro-dev mailing list