Are there any plans to use another communication platform besides IRC? To
the best of my knowledge the IRC channel does not record history, so any
new member is unaware of prior chats / discoveries.
Is there a desire in the community to move to something along the lines of
Discord or Slack? Granted Slack would come at a premium.
I’m trying to create my first protocol analyzer with BinPac for the
synchrophasor protocol (IEEE Std C37.118) – from what I can tell, nobody
has made an analyzer for it yet. I'm trying to define the message format in
synchrophasor-protocol.pac. However, stuff like the format of data packets
is based on a previously sent configuration packet. How do I write
synchrophasor-protocol.pac so I can parse them based on the previously sent
packet? Here’s some documentation on the protocol if you need it:
http://smartgridcenter.tamu.edu/resume/pdf/1/SynPhasor_std.pdf
Again, this is my first time trying to write a protocol analyzer with
BinPac, so sorry if this is obvious.
Thank you
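The dependency described in this question (data frames that can only be decoded with state learned from an earlier configuration frame) is the general stateful-parsing problem. The following Python example is added here; it is not BinPac code and not from the original thread. It uses the real 14-byte C37.118 common header (SYNC, FRAMESIZE, IDCODE, SOC, FRACSEC), but the CFG-2 and DATA bodies are deliberately simplified and constructed (a single PMU, a phasor count plus a format flag), so it shows the pattern rather than the full standard. The field names `phnmr` and `float_phasors`, the `FrameError` class and the `build_frame` helper are this example's own assumptions.

```python
import struct

SYNC_BYTE = 0xAA
FRAME_DATA = 0   # frame-type code carried in bits 4-6 of the SYNC field's second byte
FRAME_CFG2 = 3

HEADER = ">BBHHII"                      # SYNC(2 bytes), FRAMESIZE, IDCODE, SOC, FRACSEC
HEADER_LEN = struct.calcsize(HEADER)    # 14
CHK_LEN = 2                             # trailing CRC-CCITT; not verified in this example


class FrameError(ValueError):
    pass


class SynchrophasorParser:
    """Per-stream parser: a CFG-2 frame fixes the layout that later DATA frames use."""

    def __init__(self):
        self.config = None  # None until a CFG-2 frame has been seen on this stream

    def parse(self, frame: bytes) -> dict:
        if len(frame) < HEADER_LEN + CHK_LEN or frame[0] != SYNC_BYTE:
            raise FrameError("missing SYNC byte or frame too short")
        _, sync2, framesize, idcode, soc, fracsec = struct.unpack_from(HEADER, frame, 0)
        ftype = (sync2 >> 4) & 0x7
        if framesize != len(frame):
            raise FrameError(f"FRAMESIZE {framesize} != actual length {len(frame)}")
        body = frame[HEADER_LEN:-CHK_LEN]
        if ftype == FRAME_CFG2:
            return self._parse_config(idcode, body)
        if ftype == FRAME_DATA:
            return self._parse_data(idcode, body)
        return {"type": ftype, "idcode": idcode, "body": body}

    def _parse_config(self, idcode, body):
        # Constructed, simplified CFG-2 body: PHNMR then FORMAT. Bit 1 of FORMAT
        # selects float32 phasors (8 bytes each) instead of int16 pairs (4 bytes).
        if len(body) < 4:
            raise FrameError("config body too short")
        phnmr, fmt = struct.unpack_from(">HH", body, 0)
        self.config = {"idcode": idcode, "phnmr": phnmr, "float_phasors": bool(fmt & 0x2)}
        return {"type": "cfg2", **self.config}

    def _parse_data(self, idcode, body):
        # The layout of a DATA frame is only known once a CFG-2 frame has been stored.
        cfg = self.config
        if cfg is None:
            raise FrameError("DATA frame received before any CFG-2 frame; cannot decode")
        if cfg["idcode"] != idcode:
            raise FrameError("DATA frame IDCODE does not match the stored configuration")
        width = 8 if cfg["float_phasors"] else 4
        need = 2 + cfg["phnmr"] * width  # STAT word followed by the phasors
        if len(body) < need:
            raise FrameError(f"data body is {len(body)} bytes, config implies {need}")
        stat = struct.unpack_from(">H", body, 0)[0]
        phasors, off = [], 2
        for _ in range(cfg["phnmr"]):
            fmt = ">ff" if cfg["float_phasors"] else ">hh"
            phasors.append(struct.unpack_from(fmt, body, off))
            off += width
        return {"type": "data", "idcode": idcode, "stat": stat, "phasors": phasors}


def build_frame(ftype, idcode, body, soc=0, fracsec=0):
    """Build a constructed test frame; CHK is zero because the parser ignores it."""
    size = HEADER_LEN + len(body) + CHK_LEN
    return struct.pack(HEADER, SYNC_BYTE, ftype << 4, size, idcode, soc, fracsec) + body + b"\x00\x00"


def demo():
    """Constructed exchange: DATA before CFG-2 is rejected, DATA after CFG-2 decodes."""
    p = SynchrophasorParser()
    results = {}
    data_body = struct.pack(">Hff", 0x0000, 1.5, -2.0) + struct.pack(">ff", 3.0, 4.0)
    try:
        p.parse(build_frame(FRAME_DATA, 7, data_body))
    except FrameError as e:
        results["early_data"] = str(e)
    cfg_body = struct.pack(">HH", 2, 0x2)  # two phasors, float format
    results["cfg"] = p.parse(build_frame(FRAME_CFG2, 7, cfg_body))
    results["data"] = p.parse(build_frame(FRAME_DATA, 7, data_body))
    return results


if __name__ == "__main__":
    print(demo())
```

The two points that carry over to a BinPac analyzer are that the learned configuration must live on per-connection state rather than in the record type (in BinPac that is the connection object, reached from a record via `$context.connection`), and that the data-frame path needs an explicit "no configuration seen yet" case, because a capture that starts mid-stream will contain DATA frames whose CFG-2 was never observed.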
All
Looking for some general information for hardware to support
1Gbps (Single Port) and 10Gbps (Single Port)
How many cores/threads/processors @ ram?
I did see some info on Zeek under clusters that it's about 250MB per
core/per worker; just wanted to see if that is still viable information.
Thanks
Req
All,
I'm trying to troubleshoot why my zeek workers keep regularly dying. The diag log is rather unhelpful, yielding nohup ${pin_command} $pin_cpu "$mybro" "$@"
Are there some additional troubleshooting methods I can employ to figure out why they're constantly dying?
Thanks,
- Gary
I had bro doctor working, but then we had an issue/accident in the datacenter and I had to rebuild the manager from scratch. I tried to follow my detailed notes from when I installed it the first time. Now bro doctor isn't working, and I'm trying to figure out why. Any suggestions?
$ sudo ./zeekctl doctor.bro
Warning: ZeekControl plugin uses legacy BroControl API. Use
'import ZeekControl.plugin' instead of 'import BroControl.plugin'
Warning: Plugin 'doctor' not activated because its init() method raised exception: 'plugin doctor lookup of unknown config option bro'
Error: unknown command 'doctor.bro'
ZeekControl Version 1.9-49
Thanks for your help,
-Brian
Hi everyone,
I'm trying to run the following script :
https://github.com/hosom/file-extraction/blob/master/scripts/plugins/store-…
The issue is that the EXEC::run command is not working as expected.
I run bro on a pcap file, in debug.log I see that a thread was initiated
and finished with no issues, however the file is not moved..
Any ideas ?
Thank you
B
Hi,
I have a pcap containing only a TCP three-way handshake. When I tried this
pcap in "try zeek" online with a simple tcp_packet event handler, nothing
is printed out and a non_ip_packet_in_ethernet warning is generated in the
weird log. Any idea what is going on?
Best regards,
Hui Lin
--
Hui Lin
Ph.D. Candidate (http://hlin33.web.engr.illinois.edu/)
DEPEND (http://depend.csl.illinois.edu/)
ECE, Uni. of Illinois at Urbana-Champaign
Hi everyone,
I have a variable that has &optional &default attributes.
I want the &default attribute to have a value of an enum.
So if the enum is : type color: enum { Red, White, Blue, };
c: color &default=Red;
Does not work..
Any ideas on the correct syntax ?
Thank you
B
Hi there,
I am using zeek in a container with the host's network. My bro/zeek version is
the following. Bold text shows the commands that get executed in the container.
# docker run --cap-add=NET_RAW --net=host --rm blacktop/*zeek --version*
bro version 2.6-255
I ran zeek with detect-webapps bro script from policy. I browsed a couple
of phpadmin websites etc but *I could not get any logs specific to
detect-webapps.*
# docker run --cap-add=NET_RAW --net=host --rm blacktop/*zeek -i 'enp2s0'
protocols/http/detect-webapps*
listening on enp2s0
~~~~~
It runs forever and I got following log files :
conn.log dns.log packet_filter.log weird.log
dhcp.log files.log ssl.log x509.log
*Where to get detect-webapps log file?*
*What does detect-webapps do and where does it log its data?*
Any help will be much appreciated.
--
Regards,
Sachin Giri
Hi all,
Check out the first of a series of Zeke on Zeek posts we're rolling out.
This week's post is on Paraglob.
https://blog.zeek.org/2019/06/zeke-on-zeek-paraglob.html
If you have topics you'd like us to write more about, please let us know.
Thanks,
~Amber
--
*Amber Graner*
Director of Community
Corelight, Inc
828.582.9469
* Ask me about how you can participate in the Zeek (formerly Bro)
community.
* Remember - ZEEK AND YOU SHALL FIND!!