jsecurity101/Marvel-Lab

Zeek Logs

Closed this issue · 1 comments

Zeek is working at 95% capacity. There are some areas where it fails to pick up OpNums from specific RPC interfaces. Need to update container to address this problem.

@benjaminshell fixed this by adding -C to this line:

docker run -d --name zeek --restart always --cap-add=NET_RAW --net=host -v `pwd`/zeek/zeek-logs/:/pcap:rw -v `pwd`/zeek/__load__.zeek:/usr/local/zeek/share/zeek/base/bif/__load__.zeek blacktop/zeek -i $Interface -C

Info found - https://old.zeek.org/documentation/faq.html#why-isn-t-zeek-producing-the-logs-i-expect-a-note-about-checksums
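One way to confirm that checksum validation is what is hiding traffic before relying on -C (which tells Zeek to ignore invalid checksums), as an added example that is not part of this issue or the Marvel-Lab repository. It assumes Zeek's default TSV log format and the `bad_*_checksum` names Zeek writes to weird.log; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: look for checksum-related entries in a Zeek weird.log.
# Assumption: default TSV logs, where a "#fields" header names the columns.

# count_checksum_weirds FILE
# Prints how many rows have a "name" of the form bad_<proto>_checksum
# (for example bad_TCP_checksum or bad_IP_checksum).
count_checksum_weirds() {
    awk -F '\t' '
        /^#fields/ {
            # "#fields" occupies $1, so header column i is data column i-1.
            for (i = 2; i <= NF; i++) if ($i == "name") col = i - 1
            next
        }
        /^#/ { next }                      # skip other header/footer lines
        col && $col ~ /^bad_[A-Za-z0-9]+_checksum$/ { n++ }
        END { print n + 0 }
    ' "$1"
}

# checksum_offload_suspected FILE
# Succeeds (exit 0) when at least one checksum weird is present, which is
# the usual sign of NIC checksum offloading on the capture interface.
checksum_offload_suspected() {
    [ "$(count_checksum_weirds "$1")" -gt 0 ]
}

# write_sample_weird_log FILE
# Writes a small constructed weird.log (not real capture data).
write_sample_weird_log() {
    {
        printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tname\taddl\tnotice\tpeer\n'
        printf '1600000000.0\tC1\t10.0.0.5\t49152\t10.0.0.10\t135\tbad_TCP_checksum\t-\tF\tzeek\n'
        printf '1600000001.0\tC2\t10.0.0.5\t49153\t10.0.0.10\t445\tbad_TCP_checksum\t-\tF\tzeek\n'
        printf '1600000002.0\t-\t10.0.0.5\t0\t10.0.0.10\t0\tbad_IP_checksum\t-\tF\tzeek\n'
        printf '1600000003.0\tC3\t10.0.0.7\t49154\t10.0.0.10\t80\tdata_before_established\t-\tF\tzeek\n'
    } > "$1"
}

sample=$(mktemp)
write_sample_weird_log "$sample"
echo "checksum weirds: $(count_checksum_weirds "$sample")"
if checksum_offload_suspected "$sample"; then
    echo "checksum failures present: check NIC offloading or run Zeek with -C"
fi
rm -f "$sample"
```

On a real sensor, point `count_checksum_weirds` at the weird.log in the mounted log directory; a non-zero count while RPC traffic is missing from the logs matches the behaviour described in the linked FAQ entry.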