Merge pull request #395 from Security-Onion-Solutions/fix/zeek_extracted

Fix/zeek extracted
2025-12-06 09:12:45 +01:00 · 2020-03-03 17:41:58 -05:00
parent 84b29839d8 a0522943f7
commit 478b14c488
2 changed files with 4 additions and 1 deletions
--- a/salt/zeek/files/local.zeek
+++ b/salt/zeek/files/local.zeek
@@ -124,3 +124,6 @@ redef LogAscii::json_timestamps = JSON::TS_ISO8601;

 # BPF Configuration
@load securityonion/bpfconf
+
+# Extracted files
+@load securityonion/file-extraction
--- a/salt/zeek/policy/securityonion/file-extraction/extract.zeek
+++ b/salt/zeek/policy/securityonion/file-extraction/extract.zeek
@@ -16,6 +16,6 @@ event file_sniff(f: fa_file, meta: fa_metadata)
    if ( meta?$mime_type )
        ext = ext_map[meta$mime_type];

-    local fname = fmt("/nsm/bro/extracted/%s-%s.%s", f$source, f$id, ext);
+    local fname = fmt("/nsm/zeek/extracted/%s-%s.%s", f$source, f$id, ext);
    Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
    }