Please don't ask users to overwrite Zeek base scripts

[sethhall]

Currently, your modbus and dnp3 scripts both recommend that users overwrite the scripts that are shipping with Zeek. It would be much better for everyone if you just treated these as completely separate scripts. You could have an option to do something like disable the existing built in logs.

One side benefit you get if you don't tell people to overwrite the existing scripts is that you can submit your scripts to the Zeek package manager and get more users through that.

We would be totally happy to discuss how to make the DNP3 and Modbus base scripts in Zeek better too! They haven't been extensively refined and it would be great to get some practitioners advice on what should be in those logs.

Thanks!

[Kleinspider]

Thanks! We have added a warning to the installation instructions for these two scripts and are currently developing a different installation process to not interfere with default Zeek files.

We are happy to discuss updates to the base DNP3 and Modbus scripts and would love to help improve them any way we can!

[Kleinspider]

The parsers and scripts have been modified to be extension scripts and no longer impact the original DNP3 and Modbus files.