[Bro] Split path into directory and filename
Seth Hall
seth at icir.org
Mon Aug 15 06:20:59 PDT 2011
On Aug 13, 2011, at 9:45 PM, Peter Erickson wrote:
> Is there a way use regex to extract portions of a string? I'm trying to
> write a function that accepts a path and breaks it into a directory and
> filename (/tmp/file.txt => [ /tmp, file.txt ]). I would like to do
> something as easy as /(\/.+)/([^\/]+)$/, but am not sure it's possible
> with bro (I wrote the expr quick so there are probably typos).
Nope, Bro's regular expressions don't support captures. You did it exactly the same way that I would have, by splitting on /\// and taking the last value as the file name and the rest as the path.
> The reason I ask is I'm looking to modify the http/file-extract.bro
> script so that the http responses are saved into a directory structure
> based on the src and dst ip addresses (e.g. http-items/src_ip/dst_ip).
Ah, that's interesting. We need to rework the way that works to put more control of the file naming in users hands, it's a definite shortcoming in the current iteration. I'll refactor it a little bit soon so that you can accomplish what you want without having to rewrite bits of functionality. :)
> I plan to modify the generate_extraction_filename to create this path
> and then send the filename to a function to create the directory
> structure. (I know that modifying generate_extraction_filename will have
> adverse affects on other scripts, but I plan to update those as well.)
Yeah, I generally don't like the way I wrote that.
> function mkdirs(dir: string): bool {
Thanks for this function. I'll integrate it in some form soon.
Since I see that using the code from the repository, I'd be happy to find how your experience with it has been if you are interested in sharing.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list