[Bro] Calling external scripts on extracted files

Hosom, Stephen M hosom at battelle.org
Wed Oct 4 06:24:45 PDT 2017


Vikram,


I'm the author of the package that you're using. Happy to help!


I don't know precisely why your script is not working; however, I have good examples of how to do this type of activity within the plugin.


Check out the file store-files-by-md5.bro within the plugins directory.


This script uses the mv command to move files and rename them based on their hash once Bro finishes extracting them and is a good example of how to perform an action on a file once it has been extracted "the right way".


Please let me know if you have any issues... You may find that I am more responsive to the issues page for the project on GitHub.


Thanks,


Stephen

________________________________
From: bro-bounces at bro.org <bro-bounces at bro.org> on behalf of Vikram Basu <vikrambasu059 at gmail.com>
Sent: Wednesday, October 4, 2017 8:54:59 AM
To: bro at bro.org
Subject: [Bro] Calling external scripts on extracted files


Hi,

I am using the bro file-extraction script from the bro-pkg manager and want to run a python script as soon as the file is completely extracted.

Currently I am calling the script using the Bro Exec::run command after modifying the script, but oftentimes the script is running before the file has finished extracting and is failing as a result.

How can I make it so that Bro calls the script after the file has already been extracted?

I thought maybe using file_state_remove would help but even in that case I am getting
/Input::READER_RAW: Child process exited with non-zero return code 127
which I am assuming means the script was run before the file was truly extracted?

Any advice would be much appreciated.

Regards

Vikram
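
An added example, not code from the file-extraction package or from either poster: a minimal Bro script that runs an external command on an extracted file from file_state_remove via Exec::run, the two mechanisms named in the thread. The module name, interpreter path and handler path are hypothetical, and it assumes the file was written by Bro's extract analyzer so that f$info$extracted is set.

```bro
# Added example. Module name and both paths below are hypothetical.
@load base/files/extract
@load base/utils/exec
@load base/utils/paths

module ExtractHook;

export {
	## Absolute paths: a shell exit status of 127 means "command not found",
	## and Bro's PATH and working directory may differ from your login shell's.
	const interpreter = "/usr/bin/python" &redef;
	const handler = "/opt/scripts/analyze_extracted.py" &redef;
}

# Low priority so that other file_state_remove handlers run first.
event file_state_remove(f: fa_file) &priority=-10
	{
	# Only act on files the extract analyzer actually wrote to disk.
	if ( ! f?$info || ! f$info?$extracted )
		return;

	# $extracted is relative to FileExtract::prefix unless it is absolute.
	local path = build_path_compressed(FileExtract::prefix, f$info$extracted);

	# str_shell_escape() is meant for strings placed inside double quotes.
	local cmd = fmt("\"%s\" \"%s\" \"%s\"",
	                str_shell_escape(interpreter),
	                str_shell_escape(handler),
	                str_shell_escape(path));

	# Exec::run is asynchronous, so it must be called inside a when block.
	when ( local result = Exec::run([$cmd=cmd]) )
		{
		if ( result$exit_code != 0 )
			Reporter::warning(fmt("handler exited %d for %s",
			                      result$exit_code, path));
		}
	}
```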




