[Bro] File Extraction: doc/xls=ok, docx/xlsx=ko

Josh Liburdi liburdi.joshua at gmail.com
Fri Feb 19 07:20:49 PST 2016


Apologies if I missed it, but which version of Bro are you running?

Josh

On Fri, Feb 19, 2016 at 9:54 AM,  <puntogtg at tiscali.it> wrote:
> Hi,
> I added  but tells me
>
> identifier not defined: fa_metadata
>
> On 19.02.2016 15:17, Seth Hall wrote:
>
> On Feb 19, 2016, at 3:05 AM, puntogtg at tiscali.it wrote:
>
>> Of course the user has rights to write in that folder and the folder
>> exists, in fact with previous conf everything is ok, apart from the name
>> of the files.
>
> Ugh, I just realized the problem...
>
>  if ( f?$mime_type )
>         ext = ext_map[f$mime_type];
>
> That code can't work in the file_new event.  In Bro 2.4, there is a new
> event named file_sniff.  It's at the point where some content from the file
> has been seen and Bro has had a chance to look at it and take a guess about
> the file type.  You aren't seeing any file extraction because you have a
> return statement that's returning if there is no known file extension (which
> there isn't at that point!).
>
> event file_sniff(f: fa_file, meta: fa_metadata)
> 	{
> 	if ( meta?$mime_type )
> 		{
> 		# put your code here...
> 		}
> 	}
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
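
The change Seth describes in the quoted reply, written out as an added example that is not part of the thread or of the Bro distribution: extraction is attached in `file_sniff`, where the sniffed MIME type is available, instead of in `file_new`. It assumes Bro 2.4 or later (earlier versions do not define `fa_metadata`); the MIME strings in the table are assumptions to check against your own `files.log`, and `report_unmapped` is a hypothetical name.

```bro
# Added example. Assumes Bro 2.4+, where file_sniff and fa_metadata exist.
@load base/files/extract

# MIME type -> file extension. These MIME strings are assumptions: compare
# them with the mime_type column of files.log on your sensor, because a type
# that is missing here is never extracted.
const ext_map: table[string] of string = {
	["application/msword"] = "doc",
	["application/vnd.ms-excel"] = "xls",
	["application/vnd.openxmlformats-officedocument.wordprocessingml.document"] = "docx",
	["application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"] = "xlsx"
} &redef;

# Hypothetical switch: print sniffed types that have no mapping, so a silent
# "no extraction" can be traced to the MIME type Bro actually reported.
const report_unmapped = T &redef;

event file_sniff(f: fa_file, meta: fa_metadata)
	{
	# No guess was possible from the content seen so far.
	if ( ! meta?$mime_type )
		return;

	if ( meta$mime_type !in ext_map )
		{
		if ( report_unmapped )
			print fmt("no extension mapping for %s (file %s)",
			          meta$mime_type, f$id);
		return;
		}

	# Name the extracted file after its source, file ID and mapped extension.
	local fname = fmt("%s-%s.%s", f$source, f$id, ext_map[meta$mime_type]);
	Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
	                    [$extract_filename=fname]);
	}
```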


