Hi, I need help to print data_value of event dnp3_response_data_object() in dnp3/events.bif. This event is generated from type Response_Data_Object() of dnp3-objects.pac. I want to know how can I fetch these attributes using the above event. Please suggest. Thanks Biswa

Hello @biswa , it’s not immediately clear what you want to achive. Have you looked if the dnp3_attribute_common() event would cover your case? Are you looking for an event that gives you just the raw data of a Response_Data_Object? Can you sketch the declaration of the event or a bit of scripting c…

Ah, this is probably all related to your previous post: [image] How to new events for parsed parameters from dnp3 binpac Zeek Hi, I was trying to understand the existing binpac framework (as DNP3 protocol parser is is binpac only ). I can see zeek_dnp3.events.bif.zeek has…

Thanks a lot @awelzel for the reply. I have started adding few events in the existing parser, I have few doubts. When I change anything in zeek related files and try to make then it starts again from configure and make from scratch. Is there any option to get rid of this and compile only the chan…

Hi @awelzel , any pointers regarding these doubts would be very helpful. Query 1 is related to compilation, whereas 2,3 is related to printing attr_obj, data_value format and 4 is related to enhancement for missing fields. Thanks Biswa

Hello @biswa - this went under. When I change anything in zeek related files and try to make then it starts again from configure and make from scratch. Is there any option to get rid of this and compile only the changed files? Hmm - this depends a bit on the files you modify, but for .pac, .cc o…

Thanks a lot @awelzel for this detailed reply. It’s better if you can implement these requirements in zeek dnp3. You understand the framework better, I can do the implementation but it may take time to bring it into the main stream. I will add all the requirements in the GitHub issues, please take u…

Need help to print data_value in zeek

Zeek

awelzel April 6, 2023, 8:54am 3

Ah, this is probably all related to your previous post:

If the existing parser doesn’t provide you with the events you need and you have pcaps available for testing, you could start looking at extending the parser and contributing back

1 Like

Topic		Replies	Views
How to new events for parsed parameters from dnp3 binpac Zeek development	0	220	April 1, 2023
Hui Lin_DNP3 analyzer not working in current version of zeek Zeek	5	143	May 6, 2022
Spicy conditional parsing variables not set evt file issue Spicy	2	229	April 29, 2024
bro and DNP3 decoder Development development	1	93	May 6, 2022
bro and DNP3 decoder Development development	4	157	May 6, 2022

Need help to print data_value in zeek

Related topics