Merge pull request #124 from vollkorn1982/fix_failing_zeek_analysis

zeek 5.1.1-0 has a new logfile format, fixes #123
This commit is contained in:
chebatory 2023-01-11 15:55:59 +03:00 committed by GitHub
commit 7696f840c7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -269,8 +269,8 @@ class ZeekEngine(object):
for record in ParseZeekLogs(os.path.join(dir, "files.log"), output_format="json", safe_headers=False): for record in ParseZeekLogs(os.path.join(dir, "files.log"), output_format="json", safe_headers=False):
if record is not None: if record is not None:
f = {"filename": record["filename"], f = {"filename": record["filename"],
"ip_src": record["tx_hosts"], "ip_src": record["id.orig_h"],
"ip_dst": record["rx_hosts"], "ip_dst": record["id.orig_p"],
"mime_type": record["mime_type"], "mime_type": record["mime_type"],
"sha1": record["sha1"]} "sha1": record["sha1"]}
if f not in self.files: if f not in self.files:
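Review bot: The new `"ip_dst"` value at the second changed line is `record["id.orig_p"]`, which is the originator's port, not an address; the responder host in the 5.1 files.log connection id is `id.resp_h`, so the line should read `"ip_dst": record["id.resp_h"],`. As written, anything downstream that matches `ip_dst` against an address list or indicator set will be comparing a port number and silently never hit, which is a detection gap rather than a crash. Note also that the old `tx_hosts`/`rx_hosts` fields encoded which side transmitted the file, whereas `id.orig_h`/`id.resp_h` only give connection orientation; if the record's `is_orig` flag is available it could be used to keep `ip_src` meaning "sender of the file" — worth confirming against a sample log. Records from Zeek releases before 5.1 still carry `tx_hosts`/`rx_hosts` and no `id.*` keys, so this indexing will now raise KeyError on them; a `record.get(...)` fallback or a version note in the docstring would make the supported format explicit. The enclosing method starts and ends outside this hunk.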