functionshellfilenameszeek

In Zeek (e.g. main.zeek), how can I use the variable from another script (e.g .sh file) with packet_source() or any function?


My command in the .sh file is running.

The command is: ($ZEEK -C -r $i dir)

i: pcap (file) name to be processed

dir: directory to be extracted

When the command is running, there are the extract files in desired location. It works pretty well. But I need that filename in the main.zeek. The question was that how can i access the filename in the main.zeek (used in the .sh file).

As I learned from here, packet_source() function could be called in script. But I can not implement it because I just started using it and I'm trying to get used to the script of Zeek.

In my script (main.zeek), after loading script index which contains packet_source() as the built-in function (@load base/bif/zeek.bif.zeek), how can i define a variable and use it (e.g global filename: function packet_source():, is it valid)?

I would be glad if you help.


Solution

  • In main.zeek, the variable could be defined as global to use in the every function that script has.

    global filename_s: string;

    After that, packet_source() is used to access the value. With its $path value, which file is read in there from PCAP would get. It should be placed in event zeek_init().

    event zeek_init()
    {
    local filename_source = packet_source();  
    filename_s = filename_source$path;
    } 
    

    That filename_s has the directory of the file Zeek read. It could be used in that script file (e.g. main.zeek).