[Zeek] - EXEC framework - run command
william de ping
bill.de.ping at gmail.com
Tue Jun 25 04:37:10 PDT 2019
Never mind, Ive just seen the unlink command :)
On Tue, Jun 25, 2019 at 2:35 PM william de ping <bill.de.ping at gmail.com>
wrote:
> Thank you, that solves one issue I have.
> In case I would like to rm the file, I would have to use the EXEC
> framework, correct ?
>
> On Mon, Jun 24, 2019 at 5:20 PM Justin Azoff <justin at corelight.com> wrote:
>
>> There's no need to use exec for this as there is a rename bif now. I
>> sent a PR to update this:
>>
>> https://github.com/hosom/file-extraction/pull/10/files
>>
>> On Mon, Jun 24, 2019 at 7:34 AM william de ping <bill.de.ping at gmail.com>
>> wrote:
>> >
>> > Hi everyone,
>> >
>> > I'm trying to run the following script :
>> >
>> https://github.com/hosom/file-extraction/blob/master/scripts/plugins/store-files-by-md5.bro
>> >
>> > The issue is that the EXEC::run command is not working as expected.
>> > I run bro on a pcap file, in debug.log I see that a thread was
>> initiated and finished with no issues, however the file is not moved..
>> >
>> > Any ideas ?
>> >
>> > Thank you
>> > B
>> > _______________________________________________
>> > Zeek mailing list
>> > zeek at zeek.org
>> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>>
>>
>>
>> --
>> Justin
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190625/5dfdb7bc/attachment.html
More information about the Zeek
mailing list