Hi, I am interested in creating new Zeek scripts and I would like to know more about the directory in which they should be located and the files that I should change in order to promote the execution of the script in live mode.
I tried to create a new directory and I put the script in /usr/local/zeek/share/zeek/policy/protocols/dnstunnel/main.zeek and then I wrote @load /protocols/dnstunnel/main in local.zeek. However, when I tried to deploy Zeek on zeekctl, I got this error:
fatal error in /usr/local/zeek/share/zeek/site/local.zeek, line 10: can't find /protocols/dnstunnel/main
Also, I have tried to run in offline mode, but I also got an error:
1708710849.625750 fatal error in <no location>: Val::CONVERTER (types/record) (1715794250.1853, CAC3qJ3YGHkzS7WOPe, [orig_h=192.168.0.8, orig_p=57046/udp, resp_h=177.128.208.41, resp_p=53/udp], 15)
I suppose this error is related to a failure in converting the obtained data into log information.
I would like to know how I could solve these issues, thanks in advance :).