[Zeek] Status of 3 plugins
Justin Azoff
justin at corelight.com
Thu Oct 31 15:30:08 PDT 2019
On Thu, Oct 31, 2019 at 5:55 PM James Lay <jlay at slave-tothe-box.net> wrote:
> Well here I am. Zeek 3 was released Sep 23rd, and I'm dead in the water
> until these are updated:
>
> https://github.com/J-Gras/bro-af_packet-plugin
appears to work just fine.
https://github.com/salesforce/ja3/tree/master/bro
Other than a warning about using bro_init, works fine. The code that
causes this looks like dead code that isn't even used anyway, so they can
just be deleted. There's also the hosom/bro-ja3 which is a cleaned up
version and works without warnings. The test suite it includes fails to
run properly (fixable btest issues), but installing anyway results in a
functional package.
https://github.com/J-Gras/intel-seen-more
Looks like this hits the issue where it depends on bro/something which are
now all zeek/something I fixed this in one of my packages by just deleting
the "bro/" part of the dependency but I think this is more a migration
issue that zkg could help resolve.
> if anyone has inside communication channels or some other form of
> digital cattle prod I'd love it if you could motivate the above to get
> to Zeek 3 compatibility. Truth be told I haven't even been able to
> start testing yet due to the missing plugins I use.
>
Well, 2 out of the 3 already work, and one just needs a minor update that
I'm sure Jan would be happy to make if someone had just told him about it.
--
Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20191031/4aff7389/attachment.html
More information about the Zeek
mailing list