Hi there,
I’m rewriting an old analyzer as plugin I wrote several year ago with an old version of Bro.
So far, I have adapted the new namespaces and classes while looking at the IRC analyzer as template.
After installing, the plugin is recognized by zeek, checked with -N. But for some reason, the constructor of the analyzer is never called, which should happened in my Plugin.cc file (AddComponent) after the configuration is done.
Do I have to do something else?
Thanks!
Dane
I figured it out - you have to activate the analyzer “by hand”, described in the “old” Development How-Tos. Now everything works fine.
https://old.zeek.org/development/howtos/dpd.html
I couldn’t find an up-to-date link, is there any new documentation?
Dane
Hi Dane,
I’m not aware of newer docs, sorry. We unfortunately lack cycles to migrate/modernize old website content. It is more likely that we will write new documentation for the entirety of the analyzer & dpd frameworks at this point.
When you say “by hand”, you mean the Analyzer::register_for_ports() call, yes? The best guidance I can suggest is to take a look at how other analyzers built into Zeek do this.
Best,
Christian
Hey Christian,
yes, “by hand” I meant the Analyzer::register_for_ports(), I used that method in my analyzer scripts.
I will take a look at other analyzer, thanks!
Dane