I'm running zeek/bro on individual pcap files with the command line parameter -r inputfile.pcap. How can I access the file name of this input file in a bro script? I would like to rename the conn.log to inputfile_conn.log.
Zeek (Bro) rename log according to input file
361 views Asked by user1520506 At
There is 1 answer
As far as I can tell, that's not possible. For one thing, it appears that you can give multiple pcap files to zeek on the command line, and they are all opened in parallel. In that case, there would be no correct answer to "what pcap is being processed?" In any case, I can't find any way that would be exposed to scripts.
I would recommend you work around it by wrapping zeek with a script that places the name of the file into an environment variable. Then within the script, you can use `getenv` to obtain the value stored in the environment variable.
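The workaround described in this answer, as an added example (not code from the original answer): a wrapper that passes a sanitized pcap base name to Zeek in an environment variable, and a Zeek script that reads it with `getenv` to set the conn log path. The variable name `PCAP_LOG_PREFIX` and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example. PCAP_LOG_PREFIX and all function names are assumptions.

# Turn a pcap path into a log prefix: drop directory and extension, then map
# every byte outside [A-Za-z0-9._-] to "_" so the name cannot leave the log dir.
pcap_log_prefix() {
    local base
    base=$(basename -- "$1")
    base=${base%.pcapng}
    base=${base%.pcap}
    base=$(printf '%s' "$base" | tr -c 'A-Za-z0-9._-' '_')
    case "$base" in ''|.|..) base=pcap ;; esac
    printf '%s' "$base"
}

# Write the Zeek script that re-points the default conn filter at <prefix>_conn.
write_zeek_script() {
    cat > "$1" <<'EOF'
event zeek_init()
    {
    local prefix = getenv("PCAP_LOG_PREFIX");
    if ( prefix == "" )
        return;
    local f = Log::get_filter(Conn::LOG, "default");
    f$path = prefix + "_conn";
    Log::add_filter(Conn::LOG, f);
    }
EOF
}

# Run zeek on one pcap with the prefix exported only for that process.
zeek_read_pcap() {
    local dir rc=0
    dir=$(mktemp -d) || return 1
    write_zeek_script "$dir/rename_conn.zeek"
    PCAP_LOG_PREFIX=$(pcap_log_prefix "$1") zeek -r "$1" "$dir/rename_conn.zeek" || rc=$?
    rm -rf -- "$dir"
    return "$rc"
}

# One zeek process per pcap, so each run has exactly one input file name.
if [ "$#" -gt 0 ]; then
    for pcap in "$@"; do zeek_read_pcap "$pcap"; done
fi
```

Saved as a wrapper script and called with one or more pcap paths, it writes `<prefix>_conn.log` for each capture into the current directory; the other logs keep their default names.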