Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

extracted files not getting saved to correct location for live Zeek capture #590

Closed
mmguero opened this issue Oct 8, 2024 · 0 comments
Closed

extracted files not getting saved to correct location for live Zeek capture #590

mmguero opened this issue Oct 8, 2024 · 0 comments
Assignees
@mmguero
Labels
bug Something isn't working carving Relating to carving (extraction) of files from traffic and the scanning of those files external Depends on a bug or feature external to this project regression It worked at one point... zeek Relating to Malcolm's use of Zeek
Milestone
v24.10.0

Comments

@mmguero
Copy link
Collaborator

mmguero commented Oct 8, 2024

In the fix for zeek/zeekctl#65 (see also this changelog), the behavior for where extracted files go changed when deploying zeek with zeekctl.

As some of Malcolm's code which was setting the path of extracted files by using an environment variable to redef FileExtract::prefix depended on the old behavior, we need to, as the comment in the changelog says, set FileExtractDir in zeekctl.cfg to an empty value.

The symptom of this is that files are ending up underneath /opt/zeek/spool rather than in the correct extracted files location for Malcolm/Hedgehog Linux.
@mmguero mmguero added bug Something isn't working carving Relating to carving (extraction) of files from traffic and the scanning of those files external Depends on a bug or feature external to this project zeek Relating to Malcolm's use of Zeek regression It worked at one point... labels Oct 8, 2024
@mmguero mmguero added this to the v24.10.0 milestone Oct 8, 2024
@mmguero mmguero self-assigned this Oct 8, 2024
@mmguero mmguero added this to Malcolm Oct 8, 2024
@mmguero mmguero moved this to Testing in Malcolm Oct 8, 2024
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Oct 8, 2024
@mmguero
for idaholab#590, extracted files not getting saved to correct locati…
3d486c0 
…on for live Zeek capture
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Oct 9, 2024
@mmguero
for idaholab#590, extracted files not getting saved to correct locati…
a6c2737 
…on for live Zeek capture
@mmguero mmguero closed this as completed Oct 9, 2024
@github-project-automation github-project-automation bot moved this from Testing to Done in Malcolm Oct 9, 2024
@mmguero mmguero moved this from Done to Released in Malcolm Oct 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
bug Something isn't working carving Relating to carving (extraction) of files from traffic and the scanning of those files external Depends on a bug or feature external to this project regression It worked at one point... zeek Relating to Malcolm's use of Zeek
Projects
Malcolm
Status: Released
Milestone
v24.10.0
Development

No branches or pull requests
1 participant
@mmguero