I need help with some script I customized. Basically the script is to log
http header. I don't want to mess the original http log, so I tried to
create a new log file to log some field similar to the original http log
along with the http header. I tested the script on http://try.bro.org and
was able to execute the script, also I tested the script to analyze live
traffic from an interface using "*bro -i en0 <list of scripts to load>*"
command with success. But when I load the script on local.bro and restart
bro service, the logger crashed. I'm not sure if the script is the cause or
something else is.
On local.bro file I have included *@load protocols/http/httpheaders line*.
The script is located
Is there a way to read data from a file into a "set" data structure
(instead of "table")?
I would like to read contents of the file that has list of domain names for
example, one per line and store in a "set" data structure variable.
I am looking for the list of services that bro/zeek identifies in conn.log.
But I am unable to find out exactly how many services bro identifies. Can
someone please point out to me the correct script file or source code or
documentation where I can get the list of services that bro detects?
Documentation says :
> application-layer services ( - the service field is filled in as Bro
> determines a specific protocol to be in use, independent of the
> connection’s ports)
But where are these services defined? How many are identified in the
Thanks in advance!
Hi Zeek's devs,
I am interested in an analyzer for the NTP protocol. I have seen that there is one in Zeek, but it doesn't really parse all fields in detail. Is anyone working on extending the present analyzer? Would it be of interest for the community to do so?
Is there any reason why the present analyzer is written in C++ rather than binpac?
Registration is now open for ZeekWeek 2019. Want to attend? Sponsor?
Speak? Check out the link below:
ZeekWeek 2019 - Call for Participation and Registration now open! Register
Hope to see you in Seattle!
Director of Community
* Ask me about how you can participate in the Zeek (formerly Bro)
* Remember - ZEEK AND YOU SHALL FIND!!