philrz
commented
8 months ago This issue is being transferred to the newer build-zeek repo where we're able to build current Zeek releases and hence potentially take up this work now.
That said, it's also become apparent that Spicy support is not available on Windows Zeek (see https://github.com/zeek/spicy/issues/1053 for instance). We've been hesitant to ship with enhancements that work on some of our supported platforms and not others, so I suspect this issue may continue to languish. Of course, users that need an interim solution might consider a Custom Brimcap Config where they could build their own Zeek with Spicy support and use that instead of the one that ships with Brimcap/Zui.
In a public Slack thread a community user recently inquired about LDAP parsing. I did some searching and learned that https://github.com/zeek/spicy-ldap appears to be the way this is currently done in Zeek. I installed it via
zkgin my local Zeek 5.0.2 and it worked fine. Therefore the next time we're assembling an updated Zeek artifact to bundle with Brimcap/Brim (which I expect will become feasible when the new Windows port is complete) we can look at including this package so the parsing will happen by default.