[Zeek] Live capture configuration

Justin Azoff justin at corelight.com
Thu Dec 26 06:05:22 PST 2019


On Wed, Dec 25, 2019 at 10:34 AM mxd6 <mxd6 at comcast.net> wrote:

> I'm trying to set up my ZEEK system to do both MODBUS and DNP3 live capture
> on the network. When I include the following statements in my local.zeek
> file, it fails on deployment with the error "fatal error in
> ../../../local.zeek. Can't find protocols/modbus/software"
>
> Here are my load statements in local.zeek:
>
> @load protocols/modbus/software
> @load protocols/dnp3/software
>
> Any suggestions or examples on configurations for live capture for these
> two protocols?
>
> Any help would be greatly appreciated!
>

Those scripts don't actually exist; only a few protocols have the
'software' scripts:

scripts/policy/protocols/ftp/software.zeek
scripts/policy/protocols/ssh/software.zeek
scripts/policy/protocols/http/software-browser-plugins.zeek
scripts/policy/protocols/http/software.zeek
scripts/policy/protocols/smtp/software.zeek
scripts/policy/protocols/mysql/software.zeek
scripts/policy/protocols/dhcp/software.zeek

The default scripts/base/init-default.zeek already contains the @load
statements for the base dnp3 and modbus scripts:

@load base/protocols/dnp3
@load base/protocols/modbus

so you shouldn't have to do any configuration to analyze these protocols.




-- 
Justin
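
A pre-deployment check for the failure discussed in this thread, as an added example that is not part of the original message or of Zeek itself: it lists the @load lines in a file that do not resolve to a script. The function names, the search directories passed as arguments, and the resolution rule stated in the comments are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not Zeek project code. Assumption: an @load name resolves to
# <dir>/<name>.zeek or to <dir>/<name>/__load__.zeek for some search-path <dir>.

# resolve_load NAME DIR...: print the file NAME resolves to, or return 1.
resolve_load() {
    local name=$1 dir
    shift
    for dir in "$@"; do
        if [ -f "$dir/$name.zeek" ]; then
            printf '%s\n' "$dir/$name.zeek"; return 0
        elif [ -f "$dir/$name/__load__.zeek" ]; then
            printf '%s\n' "$dir/$name/__load__.zeek"; return 0
        fi
    done
    return 1
}

# check_loads FILE DIR...: list every @load in FILE that does not resolve.
# Returns 1 if any are missing. Commented-out lines and @load-sigs are skipped.
check_loads() {
    local file=$1 directive name rest missing=0
    shift
    while read -r directive name rest || [ -n "$directive" ]; do
        [ "$directive" = "@load" ] || continue
        name=${name%%#*}                       # drop a trailing comment
        [ -n "$name" ] || continue
        case $name in
            ./*|../*) resolve_load "$name" "$(dirname "$file")" ;;  # relative to FILE
            *)        resolve_load "$name" "$@" ;;
        esac >/dev/null || { printf 'unresolved: @load %s\n' "$name"; missing=1; }
    done < "$file"
    return "$missing"
}

# Constructed demo tree that mirrors the paths quoted in the thread.
demo=$(mktemp -d)
mkdir -p "$demo/scripts/base/protocols/modbus" "$demo/scripts/base/protocols/dnp3" \
         "$demo/scripts/policy/protocols/ssh" "$demo/scripts/site"
touch "$demo/scripts/base/protocols/modbus/__load__.zeek" \
      "$demo/scripts/base/protocols/dnp3/__load__.zeek" \
      "$demo/scripts/policy/protocols/ssh/software.zeek"
printf '%s\n' '@load protocols/modbus/software' '@load protocols/dnp3/software' \
    '@load base/protocols/modbus' '@load protocols/ssh/software  # exists' \
    > "$demo/scripts/site/local.zeek"
check_loads "$demo/scripts/site/local.zeek" "$demo/scripts" "$demo/scripts/policy" \
    || echo "fix or remove the @load lines listed above"
rm -rf "$demo"
```

On a real sensor, pass the installed script directory and its policy subdirectory as the search directories.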