Hi everyone,

as previously announced
(https://lists.zeek.org/archives/list/zeek-announce@lists.zeek.org/thread/33…),
we will move all our mailing lists to Discourse.

All mailing lists will be switched into read-only mode on Tuesday, May
24th 2022. The current state of the mailing lists will then be imported
into Discourse. We expect this to take up to two days.

Thus, on or before Thursday, May 26th, the Zeek Discourse server will be
available at https://community.zeek.org. We will send one last posting
on this mailing list when the Discourse server is operational. Please
note that you will have to manually re-subscribe to the lists that you
are interested in.

If you have any questions or concerns about this, either email me
directly, or email the Zeek Leadership team at lt(a)zeek.org.

Johanna Amann (for the Zeek LT)

I'm currently using the Seiso/Kafka plugin to stream each unique Zeek log type to a different topic in Kafka and it works great https://github.com/SeisoLLC/zeek-kafka#example-4---send-each-zeek-log-to-a-…. I've been using SSL configurations to specify the directory path + filename for my .crt, .key and .pem files so in the $config variable, my table looks like this:
    $config = table(
        ["metadata.broker.list"] = "broker1:9092",
        ["ssl.ca.location"] = "/path/to/ca/file.pem",
        ["ssl.certificate.location"] = "/path/to/certificate/file.crt",
        ["ssl.key.location"] = "/path/to/key/file.key",
        ["security.protocol"] = "ssl"
    )
Instead of manually entering the "/path/to/certificate/file.crt" along with ca and key, I'd like to use either a bif (but I can't find one specifically for this use case) or create a function to parse the file names. I only need to be able to grab the file names, not the full directory path.
Here's what I have so far:
    @load base/utils/exec

    redef exit_only_after_terminate=T;

    global command: string = "ls -A";

    function get_certificate(): string
        {
        local cmd = Exec::Command($cmd=command);
        when (local res = Exec::run(cmd))
            {
            local results = res$stdout;
            for ( i in results )
                {
                if ( ends_with(results[i], ".crt") )
                    {
                    local match = match_pattern(results[i], /^([^.]+)\.crt/);
                    return match$str;
                    }
                }
            }
        }

    event zeek_init()
        {
        local certificate: string = get_certificate();
        print $certificate;
        }
I'm attempting to assign the return of the function (match$str) because that gives me the file name I'm looking for. Once I have the string in a variable, I think I should be able to insert that into the Kafka $config table for ssl.certificate.location. This script currently fails though with this error.
warning: non-void function returning without a value: get_certificate
expression error in ./get_certs.zeek, line 28: value used but not set (certificate)
fatal error: errors occurred while initializing
If I change return match$str to print match$str, then just simply call get_certificate() in the zeek_init(), it successfully prints the file name I want. How can I get this function to return match$str so I can save it into a variable for later use?
Thanks!
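
The asynchronous-return idiom this question runs into, as an added example that is not part of the original post: a `when` body runs later, so the function has to use `return when` and the caller has to invoke it from its own `when` condition. The `cert_dir` constant, the 10-second timeout and the empty-string "not found" value are assumptions of this sketch.

```zeek
@load base/utils/exec

redef exit_only_after_terminate = T;

# Assumed location for this sketch; point it at the real certificate directory.
const cert_dir = "/path/to/certificate" &redef;

# Asynchronous function: "return when" suspends the call until Exec::run
# has finished, so the value returned inside the body reaches the caller.
function get_certificate(): string
    {
    # Exec::run hands the command to a shell, so quote the directory.
    return when ( local res = Exec::run(Exec::Command(
                      $cmd=fmt("ls -A %s", safe_shell_quote(cert_dir)))) )
        {
        if ( res?$stdout )
            {
            for ( i in res$stdout )
                {
                if ( ends_with(res$stdout[i], ".crt") )
                    return res$stdout[i];
                }
            }

        # Every path must return a value: empty string means "no match".
        return "";
        }
    timeout 10sec
        {
        return "";
        }
    }

event zeek_init()
    {
    # An asynchronous function can only be called in a when condition.
    when ( local certificate = get_certificate() )
        {
        if ( certificate == "" )
            Reporter::warning(fmt("no .crt file found in %s", cert_dir));
        else
            print certificate;

        terminate();
        }
    }
```

The file name is only available inside the `when` body in `zeek_init()`, so anything that depends on it has to be set up from there rather than on the line after the call.
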
Hi all,
I am trying to install zeek-long-connections in Zeek 4.0.6 under
FreeBSD 13 and it returns the following errors:
root@fbsdmgmt:~ # zpkg install zeek/corelight/zeek-long-connections
The following packages will be INSTALLED:
zeek/corelight/zeek-long-connections (v1.3.0)
Proceed? [Y/n]
Running unit tests for "zeek/corelight/zeek-long-connections"
error: "zeek/corelight/zeek-long-connections" tests failed, inspect
contents of /opt/zeek/var/lib/zkg/testing/zeek-long-connections for
details, especially any "zkg.test_command.{stderr,stdout}" files within
/opt/zeek/var/lib/zkg/testing/zeek-long-connections/clones/zeek-long-connections
Proceed to install anyway? [N/y]
Abort.
With Zeek 4.0.5 it works perfectly ... Any idea why it fails under Zeek 4.0.6?
--
Best regards,
C. L. Martinez