[Bro] Fwd: Certificate extraction issue
Timur Makarchuk
makarchuk at group-ib.com
Fri Feb 2 05:12:16 PST 2018
---------- Forwarded message ---------
From: Timur Makarchuk <makarchuk at group-ib.com>
Date: Fri, 2 Feb 2018 at 16:09
Subject: Certificate extraction issue
To: <bro at bro.org>
Hello, everybody
I have a problem I can't wrap my head around.
I'm trying to extract SSL certificates from traffic and I have an event
handler like this:
```
event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate)
    {
    local fileName = fmt("%s", current_time());
    print fileName;
    local fname = fmt("%s%s.%s", path, fileName, "pem");
    local args: Files::AnalyzerArgs = record($extract_filename=fname);
    Files::add_analyzer(f, Files::ANALYZER_EXTRACT, args);
    }
```
For some reason I don't understand, Bro can't add the analyzer to my files and
I'm not getting any files extracted:
```
1517409279.894576 warning in /opt/bro/share/bro/base/frameworks/files/./main.bro, line 394: Analyzer Files::ANALYZER_EXTRACT not added successfully to file Fp4AgEzEtME36Nfl2.
```
Any help will be much appreciated.
Thanks,
Timur