simsong / bulk_extractor

This is the development tree. Production downloads are at:
https://github.com/simsong/bulk_extractor/releases

Running bulk_extractor with debug options has no effect on run #403

Open laissezfarrell opened 1 year ago

laissezfarrell commented 1 year ago

Running bulk_extractor with this command:

bulk_extractor -d8 -o /home/accessions/b_e2x_errors/debug_mode06 -R /home/accessions/UA2023-0021/objects/OPD/ -F /home/scripts/be_regex/uaregex.txt

which should disable scanners resulted in the following scanners being run:

aes base64 elf evtx exif facebook find gzip httplogs json kml_carved msxml net ntfsindx ntfslogfile ntfsmft ntfsusn pdf rar sqlite utmp vcard_carved windirs winlnk winpe winprefetch zip accts email gps

simsong commented 1 year ago

Debug mode is used for debugging. It is a mask that each scanner can interpret as it wishes. The scanners that are enabled are the default scanners. If you wish to disable them, you should add -xall at the start of the command line.

What are you actually trying to do? I don't see an error here.

laissezfarrell commented 1 year ago

This is outside my wheelhouse. Another person was helping me identify issues and had asked that I run bulk_extractor with this debug option. The results suggested to them that "DEBUG_NO_SCANNERS (ie. -d8) has a definition in the source code but then it's never used if it's set. So, -d8 doesn't do anything currently in version 2.0.2."

I created this with the other bugs I reported, but am not one who usually uses debug mode.

simsong commented 1 year ago

We greatly appreciate your input and I'll be addressing each item individually over the next few weeks. Seriously, this kind of feedback is invaluable. Thank you!

simsong commented 1 year ago

I'm thinking of removing the global 'debug' variable as it isn't really being used. Thoughts?