Project

General

Profile

Actions
Copy link

Feature #408

closed

Filestore / file.NUMBER renaming script inclusion with Suricata distribution

Added by Peter Manev almost 13 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Low
Assignee:
Peter Manev
Target version:
-
Effort:
Difficulty:
Label:

Description

Hi,
I have attached a version 1.0 of a script, that I would like to be included/considered in the main Suricata distribution.
It makes use of the files stored in /var/log/suricata/files (depending on the files.rules used in the new file magic feature starting with Suricata 1.2.1).

Basically it is a small script that does the following:

Please choose the options according to which you would like your files to be renamed.
They will be RENAMED (in the same directory) in this order below,depending on your selection, in the following fashion:
file.1 will become "file.1__TIME__SRCIP__DSTIP__PROTO__SRCPORT__DSTPORT__FILENAME" :
Notice the use of "__" (double _ )for a field delimiter in the filename.
This script is to be EXECUTED in the "files" directory !! Your choice: 

1 ) TIME
  2 ) SRC_IP
  3 ) DST_IP
  4 ) PROTO
  5 ) SRC_PORT
  6 ) DST_PORT
  7 ) FILENAME
Check an option (again to uncheck, ENTER when done):

and it will do the following (for example), FROM:

file.1
file.1.meta
file.2
file.2.meta
file.3
file.3.meta
file.4
file.4.meta
file.5
file.5.meta
file.6
file.6.meta
file.7
file.7.meta
file.8
file.8.meta

TO:

file.1__01-22-2012-19-53-33.504334__2.23.151.148__192.168.1.71__6__80__19652__3500148-en.pdf
file.1.meta
file.2__01-22-2012-19-53-58.799650__2.22.240.118__192.168.1.71__6__80__19658__OAC-TD-AG47W.pdf
file.2.meta
file.3__01-22-2012-20-25-07.916142__84.53.168.170__192.168.1.71__6__80__21531__prod_brochure0900aecd8019dc1f.pdf
file.3.meta
file.4__01-22-2012-20-45-06.210079__84.53.168.170__192.168.1.71__6__80__22034__prod_brochure0900aecd8019dc1f.pdf
file.4.meta
file.5__01-22-2012-20-45-25.614460__173.203.15.67__192.168.1.71__6__80__22040__corporate_timeline.pdf
file.5.meta
file.6__01-22-2012-20-45-27.446917__173.203.15.67__192.168.1.71__6__80__22041__corporate_timeline.pdf
file.6.meta
file.7__01-22-2012-20-45-27.446917__173.203.15.67__192.168.1.71__6__80__22041__favicon.ico
file.7.meta
file.8__01-22-2012-20-45-28.110054__173.203.15.67__192.168.1.71__6__80__22043__corporate_timeline.pdf
file.8.meta

for an easier visibility, traceability, control purposes.

Please feel free to criticize and make suggestions.

Thank you

Files

file_convert_linux_v_1.0.sh (2.9 KB) file_convert_linux_v_1.0.sh Peter Manev, 01/29/2012 06:52 AM
Actions
Copy link

Also available in: Atom PDF