[Zeek] Testing modules/policies
Vlad Grigorescu
vlad at es.net
Tue May 19 06:28:17 PDT 2020
On Tue, May 19, 2020 at 7:10 AM Mauricio Tavares <raubvogel at gmail.com>
wrote:
> 2. Is there a verbose option (I am thinking on the -v[v[v]] in
> ansible/ssh) when you call
>
> zeek -r pcap policy
>
> I do not mean the -d option, as it seems to behave like gdb.
>
One option I use is `zeek -r pcap misc/dump-events my-test-policy.zeek`.
See:
https://docs.zeek.org/en/current/scripts/policy/misc/dump-events.zeek.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20200519/f48d627a/attachment-0001.html
More information about the Zeek
mailing list