[Bro] File name from fa_file
Pigott, Nathan
Nathan.Pigott at parsons.com
Tue Sep 29 10:08:01 PDT 2015
Hello,
I'm having problems getting file names from fa_file - the field f$info$filename is showing up uninitialized on every single fa_file in all my tests. Is there a known reason why this would be happening? I'm using Bro 2.3, but I tested on 2.4 as well and got the same results.
Are there any alternative ways to get file names? For now I'm parsing the URL returned by Files::describe(f), but this does not work if the URL doesn't contain the file name, or if the file was transferred with a protocol other than HTTP.
Thanks,
Nathan Pigott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150929/26942aa8/attachment-0001.html
More information about the Bro
mailing list