[Zeek] Zeek doesn't see the MQTT traffic.

Jon Siwek jsiwek at corelight.com
Fri Apr 17 11:42:44 PDT 2020


On Fri, Apr 17, 2020 at 6:00 AM Tomek Koziak <ttomek.koziak at gmail.com> wrote:
>
> Even when I run it on the mqtt.pcap from here and again the previously mentioned events, it doesn't produce any output. What may cause this problem?

MQTT analysis isn't enabled by default; you can
`@load policy/protocols/mqtt` to enable it.

    $ zeek -r mqtt_packets_tcpdump.pcap protocols/mqtt
    $ ls mqtt_*.log
    mqtt_connect.log   mqtt_publish.log   mqtt_subscribe.log

- Jon

