-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
52 lines (40 loc) · 1.3 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
Ennetix::Websocket
=================================
This zeek plugin uses Simple-websocket-server: https://gitlab.com/eidheim/Simple-WebSocket-Server library to send the logs.
### Install using zkg
In the zeek-Websocket directory, run:
```
$ zkg install .
```
### Steps to install Simple-Websocket-Server:
```
$ sudo apt-get install libboost-all-dev
$ git clone https://gitlab.com/eidheim/Simple-WebSocket-Server.git
$ cd Simple-WebSocket-Server && mkdir build && cd build/ && cmake .. && make && make install
```
### Steps to manually configuring and installing
```
$ ./configure --with-websocket=/usr/local
```
Replace path with the Simple-websocket-library path.
```
$ cd build/ && cmake .. && make && make install
$ zeek -N
```
With the last command, you can see that the plugin included in the list.
Make sure that in /usr/local/incude the folder named simple-websocket-server is present.
Also shift the demo_client.cpp to simple-websocket-server folder and run the client
```
$ g++ demo_client.cpp -o demo_client -L/usr/lib -lssl -lcrypto
$ ./demo_client
```
### Running the sample code using live traffic
```
$ zeek -i <interface> send_logs.zeek
```
### Running the sample code using pcap file
Then collect the packets using tcpdump.
```
$ sudo tcpdump -s 0 -w get.trace
$ Zeek -C -r get.trace send_logs.zeek
```