Extend file extraction log.

- New fields: extracted_cutoff and extracted_size. These fields will be null if the file isn't extracted. - Extended the extraction test to test the files log too.
2025-10-16 21:48:21 +00:00 · 2017-01-25 01:16:46 -05:00 · 2017-01-25 01:16:46 -05:00 · 2d1f007186
commit 2d1f007186
parent fdb19872b4
3 changed files with 25 additions and 0 deletions
--- a/testing/btest/Baseline/scripts.base.files.extract.limit/files.log
+++ b/testing/btest/Baseline/scripts.base.files.extract.limit/files.log
@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	files
+#open	2017-01-25-06-12-45
+#fields	ts	fuid	tx_hosts	rx_hosts	conn_uids	source	depth	analyzers	mime_type	filename	duration	local_orig	is_orig	seen_bytes	total_bytes	missing_bytes	overflow_bytes	timedout	parent_fuid	extracted	extracted_cutoff	extracted_size	md5	sha1	sha256
+#types	time	string	set[addr]	set[addr]	set[string]	string	count	set[string]	string	string	interval	bool	bool	count	count	count	count	bool	string	string	bool	count	string	string	string
+1363628702.262149	FGy9Oo9JLY8SFxMJ2	141.142.192.162	141.142.228.5	ClEkJM2Vm5giqnMf4h	FTP_DATA	0	EXTRACT	text/plain	-	0.001059	-	F	16557	-	0	0	F	-	2	T	6000	-	-	-
+#close	2017-01-25-06-12-45
--- a/testing/btest/scripts/base/files/extract/limit.bro
+++ b/testing/btest/scripts/base/files/extract/limit.bro
@ -4,6 +4,7 @@
 # @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=2 double_it=T
 # @TEST-EXEC: btest-diff extract_files/2
 # @TEST-EXEC: btest-diff 2.out
+# @TEST-EXEC: btest-diff files.log
 # @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=7000 efname=3 unlimit_it=T
 # @TEST-EXEC: btest-diff extract_files/3
 # @TEST-EXEC: btest-diff 3.out