[Oisf-users] file extraction didn't work on Ubuntu 12.04/Suri-2.0

Shawn citypw at gmail.com
Mon Mar 31 07:39:06 UTC 2014


On Mon, Mar 31, 2014 at 3:14 PM, Peter Manev <petermanev at gmail.com> wrote:
> On Mon, Mar 31, 2014 at 9:09 AM, Shawn <citypw at gmail.com> wrote:
>> On Mon, Mar 31, 2014 at 2:37 PM, Peter Manev <petermanev at gmail.com> wrote:
>>> Can you try loading just that rule -
>>>
>>> alert http any any -> any any (msg:"FILE store all"; filestore; sid:5; rev:5;)
>>>
>>> and have a look at the "files" directory, what would the result be?
>>>
>> #ls
>> file.1        file.11.meta  file.13.meta  file.15.meta  file.2        file.4       file.6       file.8
>> file.10       file.12       file.14       file.16       file.2.meta   file.4.meta  file.6.meta  file.8.meta
>> .....................................
>>
>> Aha, it's working. I can see some urls like "http://***/*.jpg" in
>> these files. But how to save the *.jpg into the "files" directory
>> directly?
>>
>
>
> No try this:
> alert http any any -> any any (msg:"FILESTORE jpg"; fileext:"jpg"; filestore; sid:6; rev:1;)
>
> any luck?
>
aha, it works!

Thanks, Peter!

>
> --
> Regards,
> Peter Manev



-- 
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn
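
An added example, not part of the original thread and not Suricata's own code: a Python script that inventories a "files" directory like the one listed above, pairs each file.N with its file.N.meta, and reports which stored files carry a given extension. It assumes the .meta sidecars hold "KEY: value" lines with a FILENAME key; the function names and the sample directory contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

NAME_RE = re.compile(r"^file\.(\d+)(\.meta)?$")  # file.N / file.N.meta, as in the listing

def parse_meta(path):
    """Read 'KEY: value' lines (assumed sidecar layout) into a dict."""
    with open(path, errors="replace") as fh:
        pairs = (line.partition(":") for line in fh)
        return {k.strip().upper(): v.strip() for k, sep, v in pairs if sep}

def inventory(files_dir):
    """Map each numeric id to its data path and parsed metadata (None if absent)."""
    entries = {}
    for p in Path(files_dir).iterdir():
        m = NAME_RE.match(p.name)
        if not m:
            continue
        entry = entries.setdefault(int(m.group(1)), {"data": None, "meta": None})
        if m.group(2):
            entry["meta"] = parse_meta(p)
        else:
            entry["data"] = p
    return entries

def stored_with_ext(entries, ext):
    """Ids with both data and metadata whose recorded FILENAME ends in .ext."""
    suffix = "." + ext.lower()
    return sorted(i for i, e in entries.items() if e["data"] and e["meta"]
                  and e["meta"].get("FILENAME", "").lower().endswith(suffix))

def unpaired(entries):
    """Ids where either the data file or the .meta sidecar is missing."""
    return sorted(i for i, e in entries.items() if not (e["data"] and e["meta"]))

def build_sample(files_dir):
    """Write constructed sample files; these are not real Suricata output."""
    samples = {
        "file.1": "constructed image body", "file.2": "constructed html body",
        "file.1.meta": "TIME: 03/31/2014-07:39:06\nFILENAME: /img/a.JPG\n",
        "file.2.meta": "FILENAME: /index.html\n", "file.3.meta": "FILENAME: /img/b.jpg\n",
    }
    for name, body in samples.items():
        Path(files_dir, name).write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(stored_with_ext(inventory(d), "jpg"), unpaired(inventory(d)))
```

Pointing `inventory()` at the real "files" directory shows at a glance whether a narrower rule such as the `fileext:"jpg"` one is storing only the expected files, and which ids have a sidecar without a stored body.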


