[prev in list] [next in list] [prev in thread] [next in thread]
List: bro
Subject: [Zeek] File data loss in stream event
From: 王辰成 <chencheng.wang93 () gmail ! com>
Date: 2019-03-21 12:15:32
Message-ID: CAFhvOVChNCOJZKYx1A+-zXU018izNbZrVTT9dz-_j0ah3TvVVw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/related)]
[Attachment #4 (multipart/alternative)]
Hi,
I'm sorry to bother you.
During using Zeek I met some problem. Could you help me?
I found a bro package named credit-card-exposure(link
<https://packages.zeek.org/packages/view/75734569-4fb7-11e8-88be-0a645a3f30=
86>),
and imitated the bro script
<https://github.com/sethhall/credit-card-exposure/blob/master/scripts/main.=
bro>
in this package for detect some sensitive info.
Part of the code is as follows
[image: ttt.png]
I printed the fields named seen_bytes and total_bytes of all the files, and
found that many data of files have not entered the handler of stream
event. I can also find in files.log=EF=BC=8C the seen_bytes was far less =
than
total_bytes.
what can I do to solve this problem?
Yours respectfully
[Attachment #7 (text/html)]
<div dir="ltr"><div class="gmail-gE gmail-iv gmail-gt" style="padding:20px 0px \
0px;font-size:14px"><span style="font-size:small">Hi,</span><br></div><div \
class="gmail-"><div id="gmail-:bk" class="gmail-ii gmail-gt" \
style="font-size:14px;direction:ltr;margin:8px 0px 0px;padding:0px"><div \
id="gmail-:bn" class="gmail-a3s gmail-aXjCH" \
style="overflow:hidden;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:small;line-height:1.5"><div \
dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div \
dir="ltr"><div><div>I'm sorry to bother you. </div><div>During using Zeek I \
met some problem. Could you help me?</div></div><div>I found a bro package named \
credit-card-exposure(<a \
href="https://packages.zeek.org/packages/view/75734569-4fb7-11e8-88be-0a645a3f3086" \
target="_blank">link</a>), and imitated the <a \
href="https://github.com/sethhall/credit-card-exposure/blob/master/scripts/main.bro" \
target="_blank">bro script</a> in this package for detect some sensitive \
info.</div><div> Part of the code is as follows</div><div><div><img \
src="cid:ii_jtigy5t10" alt="ttt.png" width="473" height="340" class="gmail-CToWUd \
gmail-a6T" tabindex="0" style="cursor: pointer; outline: \
0px;"><br></div></div><div><br></div><div>I printed the fields named seen_bytes and \
total_bytes of all the files, and found that many data of files have not \
entered the handler of stream event. I can also find in files.log, the \
seen_bytes was far less than total_bytes. </div><div>what can I do to solve \
this problem? </div><div><br></div><div>Yours respectfully<div \
class="gmail-yj6qo"></div><br \
class="gmail-Apple-interchange-newline"></div></div></div></div></div></div></div></div></div></div></div>
--0000000000008bad73058499b29a--
["ttt.png" (image/png)]
_______________________________________________
Zeek mailing list
zeek@zeek.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic