Errors while creating own analyzer plugin

ra7eshadowlegends · April 2, 2021, 5:19pm

Hi everyone, i`m trying to create my own zeek analyzer-plugin. At first I tried to build it by init-plugin script, but received compilation errors. Then i find binpac-quickstart guide. Currently im working with this guide, but receiving strange errors. Can you help me? Thanks a lot:)

/home/artem/Desktop/WORK/bincap/binpac_quickstart/ndpi_analyzer/src/ndpi_pac.h:43:23: error: expected ')' before '*' token
NDPI_Conn(BroAnalyzer * bro_analyzer);
           ~ ^~
                       )
/home/artem/Desktop/WORK/bincap/binpac_quickstart/ndpi_analyzer/src/ndpi_pac.h:49:2: error: ‘BroAnalyzer’ does not name a type; did you mean ‘FlowAnalyzer’?
  BroAnalyzer * bro_analyzer() const { return bro_analyzer_; }
  ^~~~~~~~~~~

I know that guys released new version of zeek, i tried to rename this names to Zeek, but it does not help.

Tim_Wojtulewicz · April 7, 2021, 4:31pm

It’s possible that the binpac-quickstart guide hasn’t been updated to handle all of the changes we’ve made to Zeek recently. For example, BroAnalyzer doesn’t exist in 4.0 anymore and was renamed to ZeekAnalzyer.

What errors did you get from init-plugin?

Tim

Topic		Replies	Views
Writing a Protocol Analyzer Plugin Development development	10	234	May 6, 2022
BinPAC quickstart Zeek	2	207	May 6, 2022
Undefined symbol while writing an analyzer Zeek	3	101	May 6, 2022
Plugin did not instantiate Zeek	1	132	May 6, 2022
Plugin did not instantiate Development development	1	240	May 6, 2022

Errors while creating own analyzer plugin

Related topics