[Oisf-users] file extraction didn't work on Ubuntu 12.04/Suri-2.0
Peter Manev
petermanev at gmail.com
Mon Mar 31 07:14:27 UTC 2014
On Mon, Mar 31, 2014 at 9:09 AM, Shawn <citypw at gmail.com> wrote:
> On Mon, Mar 31, 2014 at 2:37 PM, Peter Manev <petermanev at gmail.com> wrote:
>> Can you try loading just that rule -
>>
>> alert http any any -> any any (msg:"FILE store all"; filestore; sid:5; rev:5;)
>>
>> and have a look at the "files" directory, what would the result be?
>>
> #ls
> file.1 file.11.meta file.13.meta file.15.meta file.2
> file.4 file.6 file.8
> file.10 file.12 file.14 file.16 file.2.meta
> file.4.meta file.6.meta file.8.meta
> .....................................
>
> Aha, it's working. I can see some urls like "http://***/*.jpg" in
> these files. But how to save the *.jpg into the "files" directory
> directly?
>
Now try this:
alert http any any -> any any (msg:"FILESTORE jpg"; fileext:"jpg"; filestore; sid:6; rev:1;)
Any luck?
--
Regards,
Peter Manev