[Zeek] Issues with Intel::FILE_NAME not working.

William Dieterich william.dieterich at gmail.com
Tue Jul 9 11:27:10 PDT 2019


Using the Intel Framework, I cannot get Intel::FILE_NAME to fire. It
is working with any other type, so my script and read file are good.

I am loading the following scripts:

Policy/frameworks/intel/seen
policy/frameworks/intel/do_notice
frameworks/file/hash-all-files.bro
base/frameworks/intel/files.bro

Loading hash-all-files.bro is there so that Intel::FILE_HASH works. Is
there a better way?

I am taking filenames from both my files.log and http.log files so I
know the files exist.  I am getting no errors in recorder.log and am
running from the command line and no errors are there.  Any ideas on
what I am doing wrong?

