Is it possible to disable the reporter.log of the Netcontrol Framework?
My problem is that when I start a broker communication with a python software, I can make the communication and also actually carry out the command requested in the message. The problem is that the reporter.log is created with the following message:
"
- 1593701753.778553 Reporter :: WARNING failed to convert remote event ‘NetControl :: rule_added’ arg # 1, got vector, expected record (empty)
- 1593701853.778553 Reporter :: WARNING failed to convert remote event ‘NetControl :: rule_expire’ arg # 1, got vector, expected record (empty)
- 1593701963.778553 Reporter :: WARNING failed to convert remote event ‘NetControl :: rule_timeout’ arg # 1, got vector, expected record (empty)
"
Repeated hundreds of times for each communication between Zeek and the Broker.
For me the warning in the reporter.log actually don’t mean a real error but i want get rid of it, i want be able to have the reporter free from this error.
Thanks in advance for a future reply
Hmm, that looks like something that needs to be fixed. None of the
events that are being sent back from the client are being received
properly. You could just ignore those messages, but fixing the events
will make all the features work properly and stop the messages.
What version of everything are you using?
Hi, first of all thanks.
I have zeek at version 3.0.6
Broker library at version v1.2.4 (tag) and I compiled and installed the package for python ver. 3.7.
My comunication with zeek is between a “Broker” that is the python code on a different machines where zeek run, meanwhile zeek is the client on the comunication.
The problem is that i can’t Debug what zeek want as a response when send the first command and so on. The reporter it’s really strange whit that sentence because if i’m not wrong there isn’t a type for record in python. In the end when i start the whole system when zeek and the python code excange the messages, all the comunication work so i don’t really understeand why the reporter go wild.
Are you using the zeek-netcontrol package or just broker directly?
Looking how that library does things, sending a message to broker
should look something like this:
args = [broker.Count(pluginid), rawrule, msg]
ev = broker.zeek.Event("NetControl::broker_rule_added", *args)
endpoint.publish(queuename, ev)
or just written out as
ev = broker.zeek.Event("NetControl::broker_rule_added",
broker.Count(pluginid), rawrule, msg)
endpoint.publish(queuename, ev)
I’m using the netcontrol package but what i need to send is the " response " to the client that already had sent a message to the broker.
Zeek it’s the client, send a message to the broker and here the broker do the action asked from Zeek and respond with the status of the command executed.
Maybe the problem is in the response that i send from the broker to zeek in the python code ?
Sorry, i meant this specifically: https://github.com/zeek/zeek-netcontrol
That project has some python code for how to receive and respond to
the netcontrol events. Not sure if you are using that or if you are
using broker directly.
The problem is definitely the response being sent from broker back to
zeek.. it's expecting one type of message but getting a different one.
Yeah it’s this one that i’m using on the python.
But exactly for tell to Netcontrol that the rule that he sent ( and wait a response ) it’s added correctly ?