[Zeek] New Analyzer

Justin Azoff justin at corelight.com
Wed Jul 10 17:51:41 PDT 2019


did you run that with --plugin?

On Wed, Jul 10, 2019 at 8:39 PM Aaron Heller <deltah24 at gmail.com> wrote:
>
> Hi Justin,
> I started off using the binpac_quickstart script, which I thought created an external plugin?
>
> Thanks,
> Aaron
>
> On Wed, Jul 10, 2019 at 8:20 PM Justin Azoff <justin at corelight.com> wrote:
>>
>> On Wed, Jul 10, 2019 at 8:16 PM Aaron Heller <deltah24 at gmail.com> wrote:
>>>
>>>  Maybe that and the analyzer not automatically firing off indicates an issue with the bacnet script not being called appropriately?  I'm grasping at straws, so any thoughts are greatly appreciated!
>>
>>
>> I don't think you are loading the scripts at all..  which is also why the sigs aren't loaded.
>>
>> Are you building this as an in-tree analyzer or as an external plugin?
>>
>> --
>> Justin



-- 
Justin


More information about the Zeek mailing list