No notice logs

Question

No notice logs

Luisibear98 opened this issue 4 years ago · 3 comments

Hello, Im testing the scripts on zeek with some pcaps but no notice log is being generated.
How can I assure the installition was properly done?

Answer 1 · 2021-02-13T18:11:25.000Z

Hi, is Zeek producing SMB or DCE-RPC logs when it processes your PCAPs? Mark

…

On Sat, Feb 13, 2021, 11:04 AM Luisibear98 ***@***.***> wrote: Hello, Im testing the scripts on zeek with some pcaps but no notice log is being generated. How can I assure the installition was properly done? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#12>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AGUTUSR6LTZUHCXDMHR66ZLS62PHVANCNFSM4XSINNVA> .

Answer 2 · 2021-02-13T18:24:37.000Z

Hi, is Zeek producing SMB or DCE-RPC logs when it processes your PCAPs? Mark
…
On Sat, Feb 13, 2021, 11:04 AM Luisibear98 @.***> wrote: Hello, Im testing the scripts on zeek with some pcaps but no notice log is being generated. How can I assure the installition was properly done? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#12>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGUTUSR6LTZUHCXDMHR66ZLS62PHVANCNFSM4XSINNVA .

Hi Mark, Thanks so much for the response!
Yes, Im testing the pcaps on this repo: https://github.com/sbousseaden/PCAP-ATTACK/
By using tcpreplay.

Answer 3 · 2021-02-17T20:46:24.000Z

You can find SMB and RPC relevant PCAPs on Wireshark's website https://wiki.wireshark.org/SampleCaptures Mark

…

On Sat, Feb 13, 2021, 1:24 PM Luisibear98 ***@***.***> wrote: Hi, is Zeek producing SMB or DCE-RPC logs when it processes your PCAPs? Mark … <#m_3237153820010318593_> On Sat, Feb 13, 2021, 11:04 AM Luisibear98 *@*.***> wrote: Hello, Im testing the scripts on zeek with some pcaps but no notice log is being generated. How can I assure the installition was properly done? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#12 <#12>>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGUTUSR6LTZUHCXDMHR66ZLS62PHVANCNFSM4XSINNVA . Hi Mark, Thanks so much for the response! Not at all, Im testing the pcaps on this repo: https://github.com/sbousseaden/PCAP-ATTACK/ By using tcpreplay. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#12 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AGUTUSVPP5GEQ22NQKIBI2DS627XPANCNFSM4XSINNVA> .