[Bro] files.log - no filename over http
Seth Hall
seth at corelight.com
Tue Aug 21 13:39:50 PDT 2018
On 21 Aug 2018, at 16:16, Azoff, Justin S wrote:
> It wouldn't be that hard to write a script that sets the filename to
> the last component of the uri path though, if that's what
> you really wanted.
I need to write a script for people to test. I discussed a set of
conditions in which we can pull the file name from the url and be
reasonably certain that the uri path component was referencing a file on
disk (as Izik showed in his log). I'll see if I can get to that
tonight. If enough people test it and it seems to work reasonably well
I think we could roll it into Bro directly.
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
More information about the Bro
mailing list