[Zeek] ActiveHTTP Module Error

Jon Siwek jsiwek at corelight.com
Tue Jun 4 10:19:49 PDT 2019


On Tue, Jun 4, 2019 at 10:06 AM Blake Moss <blake_moss at byu.edu> wrote:

> Does anyone have an example of using this in a script they would be willing to share?

There's an example in
testing/btest/scripts/base/utils/active-http.test.  In your example,
if you're running from the command line and/or reading a pcap, you
need to add this:

    redef exit_only_after_terminate = T;

That is, "when" statements and the ActiveHTTP modules are executed
asynchronously.  The block of code within the "when" gets executed
whenever the results are ready, and if you're on command-line without
an indefinite source of input, the process exits before the results
are obtained.

- Jon


More information about the Zeek mailing list