[ https://bro-tracker.atlassian.net/browse/BIT-1335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19942#comment-19942 ]
Aashish Sharma commented on BIT-1335: ------------------------------------- I prefer keeping protocol + fid - Easy to sort extracted files in different buckets quickly when going through a big pcap. Generally there isn't big need to tie back a file with session since the extractions are "going forward" in workflow. However FID is sufficient to tie backwards with other logs. I am sure you have a better use case for uid+timestamp. I cannot quite think of one. (I take timestamp is for case where multiple files are part of same uid ?) > Extract all files policy script > ------------------------------- > > Key: BIT-1335 > URL: https://bro-tracker.atlassian.net/browse/BIT-1335 > Project: Bro Issue Tracker > Issue Type: New Feature > Components: Bro > Affects Versions: 2.4 > Reporter: grigorescu > Assignee: Jon Siwek > Priority: Trivial > Fix For: 2.4 > > > We've mentioned a few times that it'd be nice to have an "extract all files" > policy script that ships with Bro. Can we get this into 2.4? -- This message was sent by Atlassian JIRA (v6.4-OD-15-055#64014) _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev