[Zeek] Creating a module and accessing an event in another script

Justin Azoff justin at corelight.com
Wed Jun 5 10:39:05 PDT 2019


That script should generally work, but it was a lot more complicated than
it needed to be to accomplish what you are trying to do.  Here is a much
simplified version.

The only thing to keep in mind is that since you are using zeek_init to
set up the log stream, this won't work on Bro or a small number of Zeek
builds from right after the rename.  There are no released versions of Zeek,
so I don't know when you built it.  Using bro_init is backwards compatible
and is probably better for now.

On Wed, Jun 5, 2019 at 12:46 PM Merril Mathew <merril.mathew at baby2body.com>
wrote:

> Hi Justin,
>
> I can confirm that attached scripts do not send me email on live traffic
> or create a log under $PREFIX/logs/current. But it does create notice.log
> and a SSHAttempt.log when running pcap. I can also confirm that send mail
> set up is working as I have received emails from zeek from other scripts.
>
> Kind regards,
> Merril.
>
>
>
> On 5 Jun 2019, at 17:20, Justin Azoff <justin at corelight.com> wrote:
>
> On Wed, Jun 5, 2019 at 12:11 PM Merril Mathew <merril.mathew at baby2body.com>
> wrote:
>
>> Hi Justin,
>>
>> Thanks. But it did not work for me.
>>
>
> Did not work how?  Did you post the version of the script that didn't
> work?
>
> --
> Justin
>
>
>

-- 
Justin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: main.zeek
Type: application/octet-stream
Size: 1156 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190605/ca2935de/attachment.obj 
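
Added example, not the attached main.zeek and not code from either poster: a minimal module that creates its log stream in bro_init, as the reply recommends, and writes a log entry plus an emailed notice. The module name, record fields, notice type and the choice of the ssh_auth_failed event are assumptions made for illustration.

```zeek
# Added example. Module name, fields, notice type and event are assumptions.
@load base/frameworks/notice
@load base/protocols/ssh

module SSHAttempt;

export {
    # Register a log stream ID and a notice type owned by this module.
    redef enum Log::ID += { LOG };
    redef enum Notice::Type += { Failed_Login };

    # Columns written to SSHAttempt.log.
    type Info: record {
        ts:  time    &log;
        uid: string  &log;
        id:  conn_id &log;
    };
}

# bro_init is used instead of zeek_init so that the stream is also created
# on Bro and on early post-rename builds, which never raise zeek_init.
event bro_init()
    {
    Log::create_stream(SSHAttempt::LOG, [$columns=Info, $path="SSHAttempt"]);
    }

# Handle an event that is generated by another script (the base SSH analyzer
# scripts) from inside this module.
event ssh_auth_failed(c: connection)
    {
    Log::write(SSHAttempt::LOG, [$ts=network_time(), $uid=c$uid, $id=c$id]);
    NOTICE([$note=Failed_Login, $conn=c,
            $msg=fmt("Failed SSH login from %s", c$id$orig_h)]);
    }

# Ask the notice framework to email this notice type.
# Delivery also requires Notice::mail_dest to be set for the deployment.
hook Notice::policy(n: Notice::Info)
    {
    if ( n$note == Failed_Login )
        add n$actions[Notice::ACTION_EMAIL];
    }
```

If the log stream is created in an init event the running build never raises, Log::write has no stream to write to, so checking which init event the build supports is the first thing to rule out when a custom log is missing.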

