base/bif/plugins/Zeek_FileExtract.events.bif.zeek

GLOBAL
Namespace

GLOBAL

Summary

Events

file_extraction_limit: event

This event is generated when a file extraction analyzer is about to exceed the maximum permitted file size allowed by the extract_limit field of Files::AnalyzerArgs.

Detailed Interface

Events

file_extraction_limit
Type

event (f: fa_file, args: Files::AnalyzerArgs, limit: count, len: count)

This event is generated when a file extraction analyzer is about to exceed the maximum permitted file size allowed by the extract_limit field of Files::AnalyzerArgs. The analyzer is automatically removed from file f.

Parameters
  • f – The file.

  • args – Arguments that identify a particular file extraction analyzer. This is only provided to be able to pass along to FileExtract::set_limit.

  • limit – The limit, in bytes, the extracted file is about to breach.

  • len – The length of the file chunk about to be written.

See also: Files::add_analyzer, Files::ANALYZER_EXTRACT