Closed nikhil123-stack closed 2 months ago
Looks good to me - do you agree @whartond ?
Replace version 6.0.3 with version 7.0.3. When installing zeek version 6.0.3, the following error occurs:
make[3]: Leaving directory '/src/zeek-6.0.3/build'
make[2]: [CMakeFiles/Makefile2:5636: auxil/spicy/hilti/toolchain/CMakeFiles/hilti-objects.dir/all] Error 2
make[2]: Leaving directory '/src/zeek-6.0.3/build'
make[1]: [Makefile:163: all] Error 2
make[1]: Leaving directory '/src/zeek-6.0.3/build'
make: *** [Makefile:15: all] Error 2
When ZEEK_VERSION is changed to 7.0.3 in the file dalton-agent/Dockerfiles/Dockerfile_zeek, everything installs without errors. I installed Dalton on Ubuntu 20.04.06 and Debian 11.
@ismaiilka building zeek takes a lot of resources; I also found it was sometimes crashing. Can you try freeing up memory / adding memory?
Add zeek version 7 and version 6; remove zeek version 4.
The Dalton UI will now have an option to provide a custom zeek script on the zeek sensor job creation page. You can either upload a custom script file or write the script (or both) in the Dalton UI, and can run pcaps using those custom scripts.
Zeek custom script Enhancement in Dalton.pdf
closes #175 closes #176