
2022/07/13

Today I finished installing Zeek but it would not start.
I used zeekctl,
and it still would not come up after start.
Next I ran diag to check, and an error message showed up.
I looked around; someone said you have to run deploy first.
After running deploy inside zeekctl, everything worked.

Turns out the official docs already say so XD

2022/06/28

Just a quick note on zeek file extraction.

zkg install zeek/hosom/file-extraction

# you must separately load the package for it to actually do anything
zkg load zeek/hosom/file-extraction

mkdir /opt/extract_files

vi /opt/zeek/share/zeek/base/files/extract/main.zeek

#const prefix = "./extract_files/" &redef;
        const prefix = "/opt/extract_files/" &redef;

vi /opt/zeek/share/zeek/site/local.zeek

add

@load /opt/zeek/share/zeek/policy/frameworks/files/extract-all-files.zeek




root@zeek:~# /opt/zeek/bin/zeekctl
Warning: zeekctl node config has changed (run the zeekctl "deploy" command)

Welcome to ZeekControl 2.2.0

Type "help" for help.

[ZeekControl] > start
starting zeek ...
creating crash report for previously crashed nodes: zeek
[ZeekControl] > deploy
[ZeekControl] > quit
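The steps above change the extraction directory by editing the shipped base script (base/files/extract/main.zeek), which the next Zeek package upgrade will overwrite, and they load extract-all-files, which writes every file Zeek sees to disk. The following is an added example, not code from the original post or from the hosom/file-extraction package: it keeps the same settings in local.zeek via redef, caps the size of each extracted file, and only extracts a short list of MIME types. It assumes the Zeek 4.x/5.x scripting API (FileExtract::prefix, FileExtract::default_limit, the file_sniff event and Files::add_analyzer) and that /opt/extract_files exists and is writable by the Zeek worker user; the set name extract_mime_types and the chosen MIME types are my own.

```zeek
# Added example (not from the original post): file extraction configured
# from local.zeek instead of editing base/files/extract/main.zeek.
# Assumes: Zeek 4.x/5.x script API; /opt/extract_files exists and is
# writable by the Zeek worker user.

@load base/files/extract

# Same effect as the prefix edit in main.zeek, but it survives upgrades.
redef FileExtract::prefix = "/opt/extract_files/";

# Stop writing a file after 10 MB so one large transfer cannot fill the disk.
redef FileExtract::default_limit = 10 * 1024 * 1024;

# Hypothetical allow-list of MIME types worth keeping (adjust to taste).
const extract_mime_types: set[string] = {
    "application/x-dosexec",
    "application/x-executable",
    "application/pdf",
    "application/zip",
} &redef;

# file_sniff fires once Zeek has seen enough bytes to guess the MIME type,
# so the decision to extract can be made per file.
event file_sniff(f: fa_file, meta: fa_metadata)
    {
    if ( ! meta?$mime_type || meta$mime_type !in extract_mime_types )
        return;

    # Name the file <protocol>-<file id>; the id joins back to files.log.
    local fname = fmt("%s-%s", f$source, f$id);
    Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
    }
```

Put this in /opt/zeek/share/zeek/site/local.zeek in place of the @load of extract-all-files, then run deploy in zeekctl as in the session above. Extracted files are untrusted attacker-controlled content: keep the output directory off any path an interpreter or shell auto-loads from, and hash the files (the fuid in files.log links each one to its connection) before handing them to an analysis pipeline.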


https://chanfs.medium.com/file-extraction-with-zeek-2c1a0bb1aa98


https://github.com/hosom/file-extraction


https://www.ericooi.com/zeekurity-zen-part-vi-zeek-file-analysis-framework/