Adding command line option to configuration file

Hi everyone,

The Zeek documentation states that one way to ignore bad packet checksums is to add the '-C' option to the zeek command. I use zeekctl to start the zeek process. Which configuration file and/or variable should I use to specify this option?

Regards,

Use:

zeekargs = --no-checksums

in your zeekctl.cfg

James

Hi James,

Your suggestion resolved the issue. Thanks for your time.

For the sake of completeness, I will add the warning I used to get anytime I ran zeekctl diag:

Reporter::WARNING Your interface is likely receiving invalid TCP and UDP checksums, most likely from NIC checksum offloading. By default, packets with invalid checksums are discarded by Zeek unless using the -C command-line option or toggling the 'ignore_checksums' variable. Alternatively, disable checksum offloading by the network adapter to ensure Zeek analyzes the actual checksums that are transmitted. /opt/zeek/share/zeek/base/misc/find-checksum-offloading.zeek, line 54