Closed helenwangjia closed 11 months ago
modbusのログをOsecTコア側で読み込めるようにするため、`zkg install icsnpp-modbus --version 03de54df8b0a8c1e6264876167f80dccae74902a --force --skiptest` で icsnpp-modbus をインストールします。
# Install the icsnpp-modbus Zeek package at one exact commit: --version is given
# the full commit hash, so the installed parser does not follow upstream changes.
# --force suppresses zkg's confirmation prompts and --skiptest skips the package's
# own tests before installation, so zkg does not exercise the parser at install
# time; the resulting log output has to be checked separately.
# NOTE(review): the trailing backslash continues the command line; whatever
# follows it is not shown here.
zkg install icsnpp-modbus --version 03de54df8b0a8c1e6264876167f80dccae74902a --force --skiptest \
テストした結果、ログの形式は合っています。 root@sensor:/usr/local/zeek/logs/2023-11-15# cat modbus_detailed.14:24:37-14:25:00.log
#separator \x09 #set_separator , #empty_field (empty) #unset_field - #path modbus_detailed #open 2023-11-15-14-24-37 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p unit_id func network_directionaddress quantity values #types time string addr port addr port count string string count count string 1700025877.459336 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 4 READ_COILS request 1 1 - 1700025877.459354 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 4 READ_COILS response - 8 T,F,F,F,F,F,F,F 1700025877.459356 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 5 READ_COILS request 1 8 - 1700025877.459359 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 5 READ_COILS response - 8 T,F,F,T,F,T,T,T 1700025877.459361 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 4 READ_DISCRETE_INPUTS request 1 1 - 1700025877.459364 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 4 READ_DISCRETE_INPUTS response - 8 F,F,F,F,F,F,F,F 1700025877.459366 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 5 READ_DISCRETE_INPUTS request 1 8 - 1700025877.459368 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 5 READ_DISCRETE_INPUTS response - 8 F,F,T,T,F,T,F,F 1700025877.459371 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 4 READ_HOLDING_REGISTERS request 1 1 - 1700025877.459373 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 4 READ_HOLDING_REGISTERS response - 1 170 1700025877.459375 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 5 READ_HOLDING_REGISTERS request 1 8 - 1700025877.459378 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 5 READ_HOLDING_REGISTERS response - 8 170,170,187,204,61316,58347,40843,58561 1700025877.459380 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 4 READ_INPUT_REGISTERS request 1 1 - 1700025877.459382 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 4 READ_INPUT_REGISTERS response - 1 36395 1700025877.459385 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 5 READ_INPUT_REGISTERS request 1 8 - 1700025877.459387 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 
127.0.0.1 502 5 READ_INPUT_REGISTERS response - 8 36395,8059,39755,33361,7162,56207,619,44695 1700025877.459389 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 6 WRITE_SINGLE_COILrequest 1 1 T 1700025877.459392 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 6 WRITE_SINGLE_COILresponse 1 1 T 1700025877.459394 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 7 WRITE_SINGLE_REGISTER request 1 1 43981 1700025877.459396 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 7 WRITE_SINGLE_REGISTER response 1 1 43981 1700025877.459399 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 - READ_EXCEPTION_STATUS request - - - 1700025877.459401 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 - READ_EXCEPTION_STATUS response - - - 1700025877.459956 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 - DIAGNOSTICS request - - - 1700025877.459958 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 - DIAGNOSTICS response - - - 1700025877.459976 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 7 WRITE_MULTIPLE_COILS request 1 4 T,F,F,T 1700025877.459978 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 7 WRITE_MULTIPLE_COILS response 1 4 - 1700025877.459981 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 7 WRITE_MULTIPLE_REGISTERS request 1 4 170,187,204,221 1700025877.459983 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 7 WRITE_MULTIPLE_REGISTERS response 1 4 - 1700025877.459985 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 - REPORT_SLAVE_ID request - - - 1700025877.459988 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 - REPORT_SLAVE_ID response - - - 1700025877.459990 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 8 READ_FILE_RECORD request - - - 1700025877.459993 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 8 READ_FILE_RECORD response - - - 1700025877.459995 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 8 WRITE_FILE_RECORDrequest - - - 1700025877.459997 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 8 WRITE_FILE_RECORDresponse - - - 1700025877.460009 CalSmx2YYuKwMXMQjl 
127.0.0.1 47785 127.0.0.1 502 - READ_WRITE_MULTIPLE_REGISTERS request - - - 1700025877.460011 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 - READ_WRITE_MULTIPLE_REGISTERS response - - - 1700025877.460013 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 - READ_WRITE_MULTIPLE_REGISTERS request - - - 1700025877.460016 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 - READ_WRITE_MULTIPLE_REGISTERS response - - - 1700025877.460018 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 - READ_FIFO_QUEUE request - - - 1700025877.460018 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 10 READ_FIFO_QUEUE request 0 - - 1700025877.460020 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 - READ_FIFO_QUEUE response - - - 1700025877.460020 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 10 READ_FIFO_QUEUE response - 0 (empty) 1700025877.460023 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 - ENCAP_INTERFACE_TRANSPORT request - - - 1700025877.460026 CalSmx2YYuKwMXMQjl 127.0.0.1 47785 127.0.0.1 502 - ENCAP_INTERFACE_TRANSPORT response - - - 1700025877.460032 Cd9FMF1XfuJE5mmCy 192.168.1.6 37699 3.15.227.20 502 0 READ_HOLDING_REGISTERS request 600 10 - 1700025877.460034 Cd9FMF1XfuJE5mmCy 192.168.1.6 37699 3.15.227.20 502 - READ_HOLDING_REGISTERS_EXCEPTION response - - ILLEGAL_DATA_ADDRESS #close 2023-11-15-14-25-00
modbusのログをOsecTコア側で読み込めるようにするため、
zkg install icsnpp-modbus --version 03de54df8b0a8c1e6264876167f80dccae74902a --force --skiptest \
で icsnpp-modbus をインストールします。テストした結果、ログの形式は合っています。 root@sensor:/usr/local/zeek/logs/2023-11-15# cat modbus_detailed.14:24:37-14:25:00.log