Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

FileAnalysis: remove some file events.

Browse source 
The file_new event now takes over the function of file_type, file_bof,
and file_bof_buffer.
This commit is contained in:
Jon Siwek 2013-04-10 14:34:23 -05:00
parent a2d9b47bcd
commit d9321e2203
28 changed files with 191 additions and 243 deletions
Download patch file Download diff file Expand all files Collapse all files

42
testing/scripts/file-analysis-test.bro
View file

@ -40,37 +40,15 @@ event file_new(f: fa_file)
$chunk_event=file_chunk,
$stream_event=file_stream]);
}
}
event file_over_new_connection(f: fa_file)
{
print "FILE_OVER_NEW_CONNECTION";
}
event file_timeout(f: fa_file)
{
print "FILE_TIMEOUT";
}
event file_bof(f: fa_file)
{
print "FILE_BOF";
}
event file_bof_buffer(f: fa_file)
{
print "FILE_BOF_BUFFER";
if ( f?$bof_buffer )
{
print "FILE_BOF_BUFFER";
print f$bof_buffer[0:10];
}
}
event file_type(f: fa_file) &priority=-5
{
}
event file_type(f: fa_file)
{
print "FILE_TYPE";
if ( f?$file_type || f?$mime_type )
print "FILE_TYPE";
# not actually printing the values due to libmagic variances
if ( f?$file_type )
{
@ -84,6 +62,16 @@ event file_type(f: fa_file)
}
}
event file_over_new_connection(f: fa_file)
{
print "FILE_OVER_NEW_CONNECTION";
}
event file_timeout(f: fa_file)
{
print "FILE_TIMEOUT";
}
event file_gap(f: fa_file)
{
print "FILE_GAP";