Hi team, I am new to Zeek and trying to learn Zeek. I have already decrypted HTTPS traffic on port 443 which I want to feed to Zeek to produce logs, but usually Zeek throws an error as it sees decrypted traffic on port 443.
How can I modify the Zeek configuration to produce the same logs as it produces for HTTP traffic?
What’s the error Zeek is throwing? Could you share the message and in which log it appears? If you can share a PCAP file with the traffic in question to reproduce what you’re seeing that would be most helpful.
How can I modify the Zeek configuration to produce the same logs as it produces for HTTP traffic?
If your environment is confined enough that you only ever see decrypted traffic and it’s only HTTP, it could make sense to remove the port registrations for the SSL analyzer on port 443 and register HTTP explicitly, but a few more details about your environment would be useful.