seclab-ucr / Themis

Themis: Ambiguity-Aware Network Intrusion Detection based on Symbolic Model Comparison
GNU General Public License v3.0

notice.log is not generated in the current folder #1

Closed likelyy closed 2 years ago

likelyy commented 2 years ago

Thank you for answering my question. I follow your steps in Usage:

  1. To see how Robust Zeek can detect evasion attacks, we have pre-recorded attack traffic under pcaps/ folder. detect-bad-keywords.bro is a rule file to detect the sensitive keyword in a HTTP request.
    zeek -r <pcap file> effectiveness/detect-bad-keywords.bro -R
    (A notice.log file will be generated in the current folder if the keyword is detected.)

    I use a pcap file from the pcaps/ folder. However, I only see weird.log in the current folder; notice.log is not generated. Are there any other settings I need to do? Thanks!

gkso commented 2 years ago

I found out that the problem was caused by my commenting out the code that registers the HTTP analyzer. I forgot the reason why I did that. :( But anyway, I fixed the problem in https://github.com/seclab-ucr/Themis/commit/3f966f81e90d3f3548c111b831d65d5d3c369aed. Thanks for reporting the issue!
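For readers following the Usage step above, here is an added illustration (not the project's own effectiveness/detect-bad-keywords.bro) of what such a keyword rule looks like in Zeek script, and why the fix above matters: the NOTICE that produces notice.log is raised from an http_request event, so if the HTTP analyzer is never registered, no HTTP events fire and only weird.log appears. The keyword list and the notice name Sensitive_Keyword are constructed for the example.

```zeek
@load base/frameworks/notice
@load base/protocols/http

module DetectBadKeywords;

export {
    # Notice type written to notice.log when a keyword is seen.
    redef enum Notice::Type += { Sensitive_Keyword };

    # Constructed sample keywords; the project's rule file defines its own list.
    const keywords: set[string] = { "/etc/passwd", "cmd.exe" } &redef;
}

# This event only exists if the HTTP analyzer is attached to the connection.
# Without the analyzer registered (the bug fixed above), this handler never runs
# and notice.log is never created, even though the pcap is read without error.
event http_request(c: connection, method: string, original_URI: string,
                   unescaped_URI: string, version: string)
{
    for ( kw in keywords )
    {
        # Check the unescaped URI so percent-encoded variants are caught too.
        if ( kw in unescaped_URI )
        {
            NOTICE([$note=Sensitive_Keyword,
                    $conn=c,
                    $msg=fmt("sensitive keyword '%s' in %s %s", kw, method, unescaped_URI),
                    $identifier=cat(c$id$orig_h, kw)]);
            break;
        }
    }
}
```

A quick sanity check when notice.log is missing: if http.log is also absent for a pcap that clearly contains HTTP, the analyzer did not run and the rule file was never given a chance.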