hodf-cye
commented
5 months ago When I've cloned the zeek script directly from the repo a "ja4" field has been created. I assume that zkg.meta should be fiexd..
Closed hodf-cye closed 4 months ago
hodf-cye
commented
5 months ago When I've cloned the zeek script directly from the repo a "ja4" field has been created. I assume that zkg.meta should be fiexd..
john-althouse
commented
4 months ago @HodF-CYE All of JA4+ is finally done. Unfortunately, there's multiple "ja4" zeek repos in zeek/packages so the correct way to install via zkg is:
zkg install zeek/foxio/ja4
This will also get you all of JA4+ instead of just JA4
It was mentioned that by default JA4 sum should be added to the ssl.log file. It seems that the script is creating a new file "ja4.log", is there a possibilty to add the script output to ssl.log?