Loading custom scripts

Hello, I am interested in creating a new script, which should contain a new module and that should generate logs and I would like to know in which directory should I locate it and which files should I modify in order to make Zeek use this script in live traffic monitoring.

Analyzing similar issues on Zeek forums, I tried to locate my script in a new directory /usr/local/zeek/share/zeek/policy/protocols/dnstunnel/main.zeek and then I wrote @load /protocols/dnstunnel/main in the local.rules file (usr/local/zeek/share/zeek/site/ directory).

However, when I try to run deploy on zeekctl, I get this error message: fatal error in /usr/local/zeek/share/zeek/site/local.zeek, line 10: can’t find /protocols/dnstunnel/main

Also, I was trying to make an offline analysis, in normal mode, using the custom script and got this error message:

1715705549.921046 fatal error in : Val::CONVERTER (types/record) (1715711623.803702, CGvI182aQOcnXDzKil, [orig_h=192.168.0.11, orig_p=36068/udp, resp_h=177.128.208.41, resp_p=53/udp], 39)

I suppose it means that Zeek obtained the information that I defined that should be shown on the logs, but could not parse it. This is the custom log I was trying to use. I would like to know how to solve these issues. Thanks in advance (and sorry for creating 3 topics in 2 days, I am a new user of Zeek :sweat_smile:).

Hi,

typically you should put your scripts into the site directory.

You should never put your own scripts in either the policy or the base directories - Zeek assumes that these are under its exclusive control, and your scripts might be deleted or overwritten in updates.

To help with the second error, we would need more information about your scripts - sadly the link is no longer working.

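As an added illustration of the advice above to keep custom scripts in the site directory (this is not the poster's script, which is not available on the page): a minimal module that defines its own log stream. The module name DNSTunnel, the path site/dnstunnel/main.zeek, the log fields and the min_query_len threshold are all assumptions made for the example.

```zeek
# Constructed example. Assumed location:
#   /usr/local/zeek/share/zeek/site/dnstunnel/main.zeek
# Assumed line in site/local.zeek (path relative to local.zeek itself):
#   @load ./dnstunnel/main
module DNSTunnel;

export {
    # Register a log stream ID for this module.
    redef enum Log::ID += { LOG };

    # Columns of the log; only fields marked &log are written.
    type Info: record {
        ts:        time    &log;
        uid:       string  &log;
        id:        conn_id &log;
        query:     string  &log;
        query_len: count   &log;
    };

    # Hypothetical threshold: only queries at least this long are logged.
    option min_query_len: count = 30;
}

event zeek_init()
    {
    # Creates dnstunnel.log with the Info record as its column layout.
    Log::create_stream(DNSTunnel::LOG, [$columns=Info, $path="dnstunnel"]);
    }

event dns_request(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count)
    {
    if ( |query| < min_query_len )
        return;

    # Build a value of the stream's record type, then pass it to Log::write.
    local rec: Info = [$ts=network_time(), $uid=c$uid, $id=c$id,
                       $query=query, $query_len=|query|];
    Log::write(DNSTunnel::LOG, rec);
    }
```

Running `zeekctl check` before `zeekctl deploy` reports load-path and syntax errors in the site scripts without restarting the running nodes.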