Zeek_FileExtract.events.bif.zeek

GLOBAL

Namespace: GLOBAL

Summary

Events

file_extraction_limit: event

This event is generated when a file extraction analyzer is about to exceed the maximum permitted file size allowed by the extract_limit field of Files::AnalyzerArgs.

Detailed Interface

Events

file_extraction_limit 

Type: event (f: fa_file, args: Files::AnalyzerArgs, limit: count, len: count)

This event is generated when a file extraction analyzer is about to exceed the maximum permitted file size allowed by the extract_limit field of Files::AnalyzerArgs. The analyzer is automatically removed from file f.

Parameters

f – The file.
args – Arguments that identify a particular file extraction analyzer. This is only provided to be able to pass along to FileExtract::set_limit.
limit – The limit, in bytes, the extracted file is about to breach.
len – The length of the file chunk about to be written.