[Zeek] Signatures::LOG - rotation
os
adamp at os.pl
Wed Jan 15 14:30:46 PST 2020
Thank you for your response.
I did the test with your configuration and it works fine.
So I need to check my configuration carefully.
Thank you for your time
On 15.01.2020 at 20:18, Justin Azoff wrote:
> How exactly are you reproducing that?
>
> I tried this:
>
> ==> foo.sig <==
> signature foo {
>     ip-proto == tcp
>     tcp-state established,originator
>     event "hello"
>     payload /.*hello/
> }
>
> ==> foo.zeek <==
> @load-sigs ./foo.sig
> event zeek_init()
>     {
>     local f = Log::get_filter(Signatures::LOG, "default");
>     f$interv = 30 secs;
>     Log::add_filter(Signatures::LOG, f);
>     }
>
> and just running zeek foo.zeek and after making 2 connections a minute
> apart ended up with 2 rotated log files.
>
>
> On Wed, Jan 15, 2020 at 1:18 PM os <adamp at os.pl> wrote:
>
> hello members,
>
> Please, can you help me
>
> I have problem with log rotation for signature LOG (only)
>
> when I use scripts,
>
> event zeek_init()
>     {
>     local f = Log::get_filter(Signatures::LOG, "default");
>     f$interv = 1 min;
>     Log::add_filter(Signatures::LOG, f);
>     }
>
> after run I have error.
>
> expression error in
> /usr/local/zeek/share/zeek/base/frameworks/logging/./main.zeek, line
> 579: no such index (Log::all_streams[Log::id])
> fatal error: errors occurred while initializing
>
> The problem occurs in versions 3.0.1; 3.1.0-dev.376
>
> Thank you,
>
> hello Zeek Team,
> Please, can you help me
>
> I have problem with log rotation for signature LOG (only)
> when I use scripts,
> event zeek_init()
>     {
>     local f = Log::get_filter(Signatures::LOG, "default");
>     f$interv = 1 min;
>     Log::add_filter(Signatures::LOG, f);
>     }
> after run zeek I see error.
> expression error in
> /usr/local/zeek/share/zeek/base/frameworks/logging/./main.zeek, line
> 579: no such index (Log::all_streams[Log::id])
> fatal error: errors occurred while initializing
>
> The problem occurs in versions 3.0.1; 3.1.0-dev.376
>
> Thank you, for any help.
>
> Adam
>
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>
>
>
> --
> Justin
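
A defensive variant of the script discussed in this thread, as an added example that is not part of the original messages or of Zeek's own scripts. It assumes the "no such index" error means Signatures::LOG was not registered when the handler ran; the constant name `sig_rotation_interval` and the warning texts are hypothetical.

```zeek
# Added example: apply a rotation interval to the Signatures::LOG default
# filter only when the stream and the filter actually exist, instead of
# aborting initialization with "no such index".

# Make sure the signatures framework (which creates Signatures::LOG) is loaded,
# e.g. when Zeek is started in bare mode.
@load base/frameworks/signatures

# Hypothetical tunable; 30 secs mirrors the value used in the reply above.
const sig_rotation_interval = 30 secs &redef;

# Assumption: the stream is created in a zeek_init handler that runs at a
# higher priority, so a negative priority makes this handler run after it.
event zeek_init() &priority=-5
	{
	# Log::active_streams holds every stream that has been created and is enabled.
	if ( Signatures::LOG !in Log::active_streams )
		{
		Reporter::warning("Signatures::LOG is not registered; rotation interval not applied");
		return;
		}

	local f = Log::get_filter(Signatures::LOG, "default");

	# Log::get_filter returns a placeholder filter when the name is unknown,
	# so confirm that the filter we got back is the one we asked for.
	if ( f$name != "default" )
		{
		Reporter::warning("Signatures::LOG has no default filter; rotation interval not applied");
		return;
		}

	f$interv = sig_rotation_interval;

	# Adding a filter under an existing name replaces that filter.
	Log::add_filter(Signatures::LOG, f);
	}
```

If either warning appears in reporter.log, the stream or its default filter was removed or never created by the local configuration, which is where to look next.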