Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/seth/files-reassembly-and-mime-updates

Browse source 
Conflicts:
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
This commit is contained in:
Seth Hall 2014-11-05 11:40:26 -05:00
commit 842dfd8b4a
55 changed files with 868 additions and 590 deletions
Download patch file Download diff file Expand all files Collapse all files

24
testing/scripts/file-analysis-test.bro
View file

@ -56,18 +56,6 @@ event file_new(f: fa_file)
[$chunk_event=file_chunk,
$stream_event=file_stream]);
}
if ( f?$bof_buffer )
{
print "FILE_BOF_BUFFER";
print f$bof_buffer[0:11];
}
if ( f?$mime_type )
{
print "MIME_TYPE";
print f$mime_type;
}
}
event file_over_new_connection(f: fa_file, c: connection, is_orig: bool)
@ -93,6 +81,18 @@ event file_state_remove(f: fa_file)
for ( cid in f$conns )
print cid;
if ( f?$bof_buffer )
{
print "FILE_BOF_BUFFER";
print f$bof_buffer[0:11];
}
if ( f$info?$mime_type )
{
print "MIME_TYPE";
print f$info$mime_type;
}
if ( f?$total_bytes )
print "total bytes: " + fmt("%s", f$total_bytes);
if ( f?$source )