BRO 2.4.1. extracted file handling

I’ve two questions about file extraction handling with BRO 2.4.1.

  1. Right now, all the extracted files are in ASCII format. Is there any easy way to save them in JSON?

  2. Would it be possible to add an extracted file itself to file.log? If not, is there any way to copy the extracted file to a new log stream?

Thank you very much in advance.

John

Hello,

> 1. Right now, all the extracted files are in ASCII format. Is there any
> easy way to save them in JSON?

The files are extracted in the way that they are encountered on the wire.
Bro does not do any processing on them. So - if they are ASCII, they are
written as ASCII.

> 2. Would it be possible to add an extracted file itself to file.log? If
> not, is there any way to copy the extracted file to a new log stream?

File extraction happens outside of the normal logging framework; there
currently is no easy way to copy extracted files to other log streams.

I hope this helps,
Johanna