[Bro] postprocessing extracted files
Frank Meier
franky.meier.1 at gmx.de
Wed Apr 15 00:45:01 PDT 2015
Hi.
I want to use Bro to extract files. After extraction these files will
undergo some post-processing (e.g. lookup in a db of known files). Can
I be sure, that a file logged in files.log with its hash has been
written to disk completely?
If not, I have two ideas how to solve this:
1) use a temporary filename until the file is completely written (like
a prefix/postfix). exclude temporary files from post-processing.
2) emit an appropriate signal from Extract::~Extract() after the file
is closed.
I would be happy to implement a solution.
Franky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150415/d3ffef22/attachment.html
More information about the Bro
mailing list