alfred-landrum
commented
4 years ago Ready for review: I've got PR's open in zq & brim that show pcap ingest works, using the artifact from this PR (including making a manual artifact for windows using this code).
This is the brimsec/zeek repo side of https://github.com/brimsec/brim/issues/731.
The script (mac/linux) or executable (windows) that runs Zeek, including creating required environment variables & command line options, is now
zeekrunnerorzeekrunner.exe. The command line options used to run Zeek are now here in this repo instead of in the zqd source. The job object based process termination for windows is removed, as it is moved into zqd; this will make it easier to eventually replace the windows zeek runner with a script or batch file.