Christian Kreibich
@awelzel's recent work on analyzer activation/deactivation/violations (zeek/zeek#2443, zeek/zeek#2390) had me thinking that we should cover general analyzer functionality. [Packet analyzers](https://docs.zeek.org/en/master/frameworks/packet-analysis.html) are there, but not the bigger picture.
Nothing covers https://github.com/zeek/zeek/tree/master/scripts/base/frameworks/packet-filter in the Zeek docs.
As @timwoj flagged on Slack, that file is very out of date and needs an edit pass — Netmap is now readily available on FreeBSD, it should cover AF_PACKET as...
The docs at https://docs.zeek.org/en/master/install.html#cross-compiling are thorough but a bit dated, and need revising to cover `--with-gen-zam`.
Zeek's C++ sources do a good job documenting the various plugin hook types (see e.g. [here](https://github.com/zeek/zeek/blob/master/src/plugin/Plugin.h#L828-L853)), but it would be good to mention the existence of these hooks as entry...
When grepping through `stats.log` it's unclear when/whether a given node restarted, and inferring it from the numbers themselves is awkward and prone to error. Adding the PID would make this...
Hi there, are you still maintaining FlowMeter? We're considering adding your package to Zeek's standard [package source](https://github.com/zeek/packages) but wanted to check with you first. You are also welcome to submit...
CentOS Stream 8 is about to EOL so I'm including its removal here.
See `NEWS` addition for the details. This came out of a support thread on Slack, where I realized that as far as I could discern there's not currently a way...
Same as zeek-aux and binpac.