[Zeek] File data loss in stream event
王辰成
chencheng.wang93 at gmail.com
Thu Mar 21 05:15:32 PDT 2019
Hi,
I'm sorry to bother you.
During using Zeek I met some problem. Could you help me?
I found a bro package named credit-card-exposure(link
<https://packages.zeek.org/packages/view/75734569-4fb7-11e8-88be-0a645a3f3086>),
and imitated the bro script
<https://github.com/sethhall/credit-card-exposure/blob/master/scripts/main.bro>
in this package for detect some sensitive info.
Part of the code is as follows
[image: ttt.png]
I printed the fields named seen_bytes and total_bytes of all the files, and
found that many data of files have not entered the handler of stream
event. I can also find in files.log, the seen_bytes was far less than
total_bytes.
what can I do to solve this problem?
Yours respectfully
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190321/9e72d9ed/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ttt.png
Type: image/png
Size: 55370 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190321/9e72d9ed/attachment-0001.bin
More information about the Zeek
mailing list