Skip to content

Commit

Permalink
for #590, extracted files not getting saved to correct location for l…
Browse files Browse the repository at this point in the history
…ive Zeek capture
  • Loading branch information
mmguero committed Oct 9, 2024
1 parent 3d486c0 commit a6c2737
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions shared/bin/zeekdeploy.sh
Original file line number Diff line number Diff line change
Expand Up @@ -142,8 +142,14 @@ export TMP="$TMP_PATH"
# if file extraction is enabled and file extraction script exists, set up the argument for zeek to use it
[[ -z $ZEEK_RULESET ]] && ZEEK_RULESET="local"
EXTRACTOR_ZEEK_SCRIPT="extractor.zeek"
EXTRACTOR_INTERESTING_ZEEK_SCRIPT="extractor_override.interesting.zeek"
ZEEK_EXTRACTOR_SCRIPT="$ZEEK_INSTALL_PATH"/share/zeek/site/"$EXTRACTOR_ZEEK_SCRIPT"
ZEEK_EXTRACTOR_INTERESTING_SCRIPT="$ZEEK_INSTALL_PATH"/share/zeek/site/"$EXTRACTOR_INTERESTING_ZEEK_SCRIPT"
([[ ! -r "$ZEEK_EXTRACTOR_SCRIPT" ]] || [[ "$ZEEK_EXTRACTOR_MODE" = "none" ]]) && ZEEK_EXTRACTOR_SCRIPT=""
if [[ "$ZEEK_EXTRACTOR_MODE" = "interesting" ]] && [[ -r "$ZEEK_EXTRACTOR_INTERESTING_SCRIPT" ]]; then
ZEEK_EXTRACTOR_OVERRIDE_FILE="$ZEEK_EXTRACTOR_INTERESTING_SCRIPT"
export ZEEK_EXTRACTOR_MODE="mapped"
fi
([[ ! -r "$ZEEK_EXTRACTOR_OVERRIDE_FILE" ]] || [[ -z "$ZEEK_EXTRACTOR_SCRIPT" ]] || [[ ! "$ZEEK_EXTRACTOR_MODE" = "mapped" ]]) && ZEEK_EXTRACTOR_OVERRIDE_FILE=""

# make sure "intel" directory exists, even if empty
Expand Down

0 comments on commit a6c2737

Please sign in to comment.