[Bro] File extraction in different directories (maybe day vise)

[Hosom, Stephen M]

One of the arguments for attaching the file extraction analyzer is the filename that you want it to extract to. So long as you’re building this filename on the fly every time you attach the analyzer, you should be able to specify a different directory for every file—if you wished for such a thing.

Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);

Where I have specified “fname”, just specify the string of the filename/path that you would like to store the file.

From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of fatema bannatwala
Sent: Monday, November 28, 2016 2:15 PM
To: bro at bro.org
Subject: [Bro] File extraction in different directories (maybe day vise)

HI,

Just wanted to check-in, so that I don't re-invent the wheel, is there any way, or if somebody has tried extracting the files in different directories,i.e maybe in daily directory (just like bro logs the events in the day vise directory)?
Right now we have over thousands of files extracted in a single directory and it's getting harder to manage the one single directory to access the extracted files, hence was looking into the Bro logging framework so that I can steal some code from the event logging and rotation part for the file extraction script.
Any other way around to it?

Appreciate the help.

Thanks,
Fatema.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161128/061b9e37/attachment.html