Hello,
I’m having problems getting file names from fa_file - the field f$info$filename is showing up uninitialized on every single fa_file in all my tests. Is there a known reason why this would be happening? I’m using Bro 2.3, but I tested on 2.4 as well and got the same results.
Are there any alternative ways to get file names? For now I’m parsing the URL returned by Files::describe(f), but this does not work if the URL doesn’t contain the file name, or if the file was transferred with a protocol other than HTTP.
Thanks,
Nathan Pigott
Filename does not always exist. That field is only created under circumstances where the protocol has a portion that would tell the server or client receiving the file what the name should be—most commonly that applies to HTTP. What is it that you’re trying to do with filenames, or what information are you attempting to derive from them? Generally it isn’t wise to trust filenames that you see on the wire for a whole lot.
Filename does not always exist. That field is only created under circumstances where the protocol has a portion that would tell the server or client receiving the file what the name should be—most commonly that applies to HTTP. What is it that you’re trying to do with filenames, or what information are you attempting to derive from them? Generally it isn’t wise to trust filenames that you see on the wire for a whole lot.