File extraction in different directories (maybe day vise)

fatema_bannatwala · November 28, 2016, 7:14pm

HI,

Just wanted to check-in, so that I don’t re-invent the wheel, is there any way, or if somebody has tried extracting the files in different directories,i.e maybe in daily directory (just like bro logs the events in the day vise directory)?
Right now we have over thousands of files extracted in a single directory and it’s getting harder to manage the one single directory to access the extracted files, hence was looking into the Bro logging framework so that I can steal some code from the event logging and rotation part for the file extraction script.
Any other way around to it?

Appreciate the help.

Thanks,
Fatema.

Hosom_Stephen_M · November 28, 2016, 7:46pm

One of the arguments for attaching the file extraction analyzer is the filename that you want it to extract to. So long as you’re building this filename on the fly every time you attach the analyzer, you should be able to specify a different directory for every file—if you wished for such a thing.

Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);

Where I have specified “fname”, just specify the string of the filename/path that you would like to store the file.

fatema_bannatwala · November 29, 2016, 3:18pm

Thanks Stephen for the solution, finally got it working.

Fatema.

Topic		Replies	Views
Extract.bro Question Zeek	2	100	May 6, 2022
File Extraction: doc/xls=ok, docx/xlsx=ko Zeek	13	108	May 6, 2022
File Extraction Directory Zeek	4	118	May 6, 2022
Bro Digest, Vol 127, Issue 46 Zeek	2	67	May 6, 2022
extract_files Development development	1	102	May 6, 2022

File extraction in different directories (maybe day vise)

Related topics