Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

when processing multiple Zeek log subdirectories in a tarball, same symbolic link name can be assigned #86

Closed
mmguero opened this issue Nov 25, 2019 · 1 comment
Closed

when processing multiple Zeek log subdirectories in a tarball, same symbolic link name can be assigned #86

mmguero opened this issue Nov 25, 2019 · 1 comment
Assignees
@mmguero

Comments

@mmguero
Copy link
Collaborator

mmguero commented Nov 25, 2019

The upload form can not only take PCAP files, but also tarballs with zeek logs nested inside of them. However, if there are multiple subdirectories with the same log type nested inside of them, the creation of the symbolic link that is picked up by filebeat may generate the same filename, which causes some of hte logs to be missed.

Commit f5a2a1d should fix that issue.
@mmguero mmguero added bug Something isn't working zeek Relating to Malcolm's use of Zeek upload Relating to PCAP and/or Zeek log ingestion labels Nov 25, 2019
@mmguero mmguero self-assigned this Nov 25, 2019
@mmguero
Copy link
Collaborator Author

mmguero commented Nov 25, 2019

Fixed in v1.7.2, pull request #85

@mmguero mmguero closed this as completed Nov 25, 2019
mmguero added a commit that referenced this issue Nov 25, 2019
@mmguero
v1.7.2 development (#85)
d2c1b90 
* fix issue with zeek logs getting same symbolic link name (issue #86)

* include some sample sensor/forwarder configuration files
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mmguero