[2.2] zeek script help


ridha dabbous

Sep 29, 2020, 4:03:46 PM
to security-onion

I want to add a script for Zeek, but I don't get the expected log in "/nsm/zeek/logs/current/".

I added my script under "/opt/so/conf/zeek/policy/custom" with the name 'dnspof.zeek', and I added the "__load__.zeek" file in the same folder and wrote in it '@load ./dnspof.zeek'.


Then I made a change in '/opt/so/saltstack/local/pillar/minions/securityonion_standalone.sls' and added the script folder name.



rn4m750xj0q51.png


I restarted the system and checked '/opt/so/conf/zeek/local.zeek', and I found that the script folder had been added:


22221.png

But after I import a pcap file, I don't find a log from this script.


I tested running the same pcap and the script directly with

- zeek -r file.pcap '/opt/so/conf/zeek/policy/custom/dnspof.zeek'

and I get a log file with the name dnspof and everything goes well, but that is not the case when I try to use it automatically as I mentioned above.

This is the script I use:


444441.png


Any help!


Wes Lambert

Sep 30, 2020, 10:50:48 AM
to securit...@googlegroups.com
I'll have to look into this and see if I can duplicate on my side.


Wes Lambert

Sep 30, 2020, 11:06:06 AM
to securit...@googlegroups.com

ridha dabbous

Sep 30, 2020, 12:37:33 PM
to securit...@googlegroups.com
Oki thank you
