[Bro] Specifying File Extraction Limit

Damon Rouse damonrouse at gmail.com
Mon Aug 10 11:53:45 PDT 2015


I seem to have having a similar issue with the way I was limiting the size
of my extracted files too.  Under 2.3.2, popping the following redef in my
local.bro worked perfectly:  redef FileExtract::default_limit = 25000000;

Under 2.4, I have larger files being extracted like Jason.

Thanks
Damon

On Mon, Aug 10, 2015 at 11:17 AM, Jason Batchelor <jxbatchelor at gmail.com>
wrote:

> Hello all:
>
> With the 2.4 release is it still best practice so specify file extraction
> size limit as follows...
>
> Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname,
> $extract_limit=<FILE LIMIT>]);
>
> I ask because I seem to be getting files extracted greater than my imposed
> limit on occasion and was wondering if something had changed?
>
> Thanks,
> Jason
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150810/3433f81e/attachment.html 


More information about the Bro mailing list