I have some problems with zeek-agent

Hi, everyone. When I use zeek-agent, I have some problems.

This is my environment:
CentOS Linux release 7.8.2003
OSquery 4.2.0
zeek 3.0.12
zeek-agent 1.0.2
zeek-agent-framework 0.4

My work:

  • installed zeek, OSquery, zeek-agent, zeek-agent-framework successfully
  • config zeek-agent

{
"server_address": "127.0.0.1",
"server_port": 9999,
"log_folder": "/var/log/zeek",
"max_queued_row_count": 5000,
"osquery_extensions_socket": "/var/osquery/osquery.em",
"group_list":
}

  • config /opt/zeek/share/zeek/site/local.zeek, add this at the end:

@load zeek-agent

  • config /opt/zeek/share/zeek/site/zeek-agent/load.zeek, add this at the end:

@load ./examples/auditd

  • start auditd service, start osqueryd
  • start zeek-agent

sudo zeek-agent

  • start zeekctl

zeekctl deploy

zeekctl

[ZeekControl] > start

Everything is right. I could find logs in /opt/zeek/logs/current:

broker.log conn.log dns.log ntp.log stats.log stdout.log zeek-agent.log
capture_loss.log dhcp.log loaded_scripts.log packet_filter.log stderr.log weird.log

but I can't see any log name starting with "agent_", such as agent_socket_events.log or agent_process_events.log (from vZW20 - Day 2 - Zeek Agent: Correlating Host & Network Logs for Better Forensics - Wajih Ul Hassan).

My questions:

  1. Was there anything wrong in my actions?
  2. Where are agent_socket_events.log agent_process_events.log?
  3. What is the relation between virtual tables and “agent_*.log” ?
  4. Are virtual tables stored in sqlite or osquery?

Thank you very much!
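A small troubleshooting helper, added here as an example and not part of the original post or of the zeek-agent project: it checks whether a zeek-agent config parses as JSON (flagging typographic quotes, which the config as pasted above shows) and whether it carries the keys the poster's config uses, and it filters a log-directory listing for the agent_*.log files the poster is looking for. The key names are taken from the config in the post; the set of keys zeek-agent itself requires is not stated there and is not claimed here. The sample inputs are constructed, and the `[]` value for group_list in the valid sample is only there to make the JSON parse, not a recommended setting.

```python
import json
import os
import re

# Keys present in the config pasted in the post. Whether zeek-agent needs
# exactly these is not stated in the post; the list only mirrors it.
EXPECTED_KEYS = [
    "server_address",
    "server_port",
    "log_folder",
    "max_queued_row_count",
    "osquery_extensions_socket",
    "group_list",
]

# Curly quotes that word processors and forum software substitute for ASCII ".
CURLY_QUOTES = re.compile("[\u201c\u201d\u2018\u2019]")


def check_agent_config(text, check_socket=True):
    """Return a list of findings (strings) for a zeek-agent config given as text.

    An empty list means the text parsed as a JSON object and contains every key
    in EXPECTED_KEYS. With check_socket=True the osquery extensions socket path
    is also checked for existence on this host.
    """
    findings = []
    if CURLY_QUOTES.search(text):
        findings.append("typographic quotes found; JSON needs plain ASCII double quotes")
    try:
        data = json.loads(text)
    except ValueError as exc:  # json.JSONDecodeError is a ValueError
        findings.append("invalid JSON: %s" % exc)
        return findings
    if not isinstance(data, dict):
        findings.append("top-level value is not a JSON object")
        return findings
    for key in EXPECTED_KEYS:
        if key not in data:
            findings.append("missing key: %s" % key)
    socket_path = data.get("osquery_extensions_socket")
    if check_socket and isinstance(socket_path, str) and not os.path.exists(socket_path):
        findings.append("osquery extensions socket not found: %s" % socket_path)
    return findings


def agent_log_names(names):
    """Return the sorted subset of names that look like agent_*.log files."""
    return sorted(n for n in names if n.startswith("agent_") and n.endswith(".log"))


def find_agent_logs(log_dir):
    """List agent_*.log files in log_dir (empty list if it cannot be read)."""
    try:
        return agent_log_names(os.listdir(log_dir))
    except OSError:
        return []


# Constructed sample 1: the config as it appears pasted in the post, with
# typographic quotes and no value after group_list. This is not valid JSON.
PASTED_CONFIG = """{
\u201cserver_address\u201d: \u201c127.0.0.1\u201d,
\u201cserver_port\u201d: 9999,
\u201clog_folder\u201d: \u201c/var/log/zeek\u201d,
\u201cmax_queued_row_count\u201d: 5000,
\u201cosquery_extensions_socket\u201d: \u201c/var/osquery/osquery.em\u201d,
\u201cgroup_list\u201d:
}
"""

# Constructed sample 2: the same settings as plain JSON. The empty list for
# group_list is an assumption made only so that the document parses.
VALID_CONFIG = """{
  "server_address": "127.0.0.1",
  "server_port": 9999,
  "log_folder": "/var/log/zeek",
  "max_queued_row_count": 5000,
  "osquery_extensions_socket": "/var/osquery/osquery.em",
  "group_list": []
}
"""

# Constructed sample 3: the directory listing the poster reports, which
# contains no agent_*.log file.
POSTED_LISTING = [
    "broker.log", "conn.log", "dns.log", "ntp.log", "stats.log", "stdout.log",
    "zeek-agent.log", "capture_loss.log", "dhcp.log", "loaded_scripts.log",
    "packet_filter.log", "stderr.log", "weird.log",
]


if __name__ == "__main__":
    for label, cfg in (("pasted", PASTED_CONFIG), ("valid", VALID_CONFIG)):
        print(label, check_agent_config(cfg, check_socket=False) or "OK")
    print("agent logs in posted listing:", agent_log_names(POSTED_LISTING))
    print("agent logs on this host:", find_agent_logs("/opt/zeek/logs/current"))
```

Run it on the real file with `check_agent_config(open(path).read())` to include the socket-existence check; a config that fails to parse is the first thing to rule out before looking at the Zeek side for the missing agent_*.log files.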