FileAnalysis: separating IRC/FTP data analyzers.

It simplifies the file handle string callbacks.

scripts/base/protocols/ftp/file-analysis.bro

@@ -2,10 +2,11 @@
 @load base/utils/conn-ids
 @load base/frameworks/file-analysis/main
 
-redef FileAnalysis::service_handle_callbacks += {
-	["ftp-data"] = function(c: connection, is_orig: bool): string
+redef FileAnalysis::handle_callbacks += {
+	[ANALYZER_FTP_DATA] = function(c: connection, is_orig: bool): string
 		{
 		if ( is_orig ) return "";
-		return fmt("%s ftp-data: %s", c$start_time, id_string(c$id));
+		return fmt("%s %s %s", ANALYZER_FTP_DATA, c$start_time,
+		           id_string(c$id));
 		},
 };

scripts/base/protocols/ftp/main.bro

@@ -228,7 +228,8 @@ event ftp_request(c: connection, command: string, arg: string) &priority=5
 			{
 			c$ftp$passive=F;
 			ftp_data_expected[data$h, data$p] = c$ftp;
-			expect_connection(id$resp_h, data$h, data$p, ANALYZER_FILE, 5mins);
+			expect_connection(id$resp_h, data$h, data$p, ANALYZER_FTP_DATA,
+			                  5mins);
 			}
 		else
 			{
@@ -281,7 +282,8 @@ event ftp_reply(c: connection, code: count, msg: string, cont_resp: bool) &prior
 				data$h = id$resp_h;
 			
 			ftp_data_expected[data$h, data$p] = c$ftp;
-			expect_connection(id$orig_h, data$h, data$p, ANALYZER_FILE, 5mins);
+			expect_connection(id$orig_h, data$h, data$p, ANALYZER_FTP_DATA,
+			                  5mins);
 			}
 		else
 			{