Improvements to file analysis docs

Fixed reference to wrong field name. Added documentation of a function arg. Added a couple references to other parts of the documentation. Explained how not specifying extraction filename results in automatic filename generation. Several other minor clarifications.
2025-10-06 08:38:20 +00:00 · 2013-10-11 16:31:53 -05:00 · 2013-10-11 16:31:53 -05:00 · b5af589246
commit b5af589246
parent 60b2c5f1fe
3 changed files with 24 additions and 17 deletions
--- a/src/file_analysis/analyzer/extract/events.bif
+++ b/src/file_analysis/analyzer/extract/events.bif
@ -1,6 +1,6 @@
 ## This event is generated when a file extraction analyzer is about
-## to exceed the maximum permitted file size allowed by
-## *extract_size_limit* field of :bro:see:`Files::AnalyzerArgs`.
+## to exceed the maximum permitted file size allowed by the
+## *extract_limit* field of :bro:see:`Files::AnalyzerArgs`.
 ## The analyzer is automatically removed from file *f*.
 ##
 ## f: The file.
@ -13,7 +13,7 @@
 ##
 ## offset: The offset at which a file chunk is about to be written.
 ##
-## len:: The length of the file chunk about to be written.
+## len: The length of the file chunk about to be written.
 ##
 ## .. bro:see:: Files::add_analyzer Files::ANALYZER_EXTRACT
 event file_extraction_limit%(f: fa_file, args: any, limit: count, offset: count, len: count%);