mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
ded98cd373
This is based on commit 2731def9159247e6da8a3191783c89683363689c from the zeek-docs repo.
25 lines
517 B
Text
25 lines
517 B
Text
redef exit_only_after_terminate = T;
|
|
|
|
event file_new(f: fa_file)
|
|
{
|
|
print "new file", f$id;
|
|
Files::add_analyzer(f, Files::ANALYZER_MD5);
|
|
}
|
|
|
|
event file_state_remove(f: fa_file)
|
|
{
|
|
print "file_state_remove";
|
|
Input::remove(f$source);
|
|
terminate();
|
|
}
|
|
|
|
event file_hash(f: fa_file, kind: string, hash: string)
|
|
{
|
|
print "file_hash", f$id, kind, hash;
|
|
}
|
|
|
|
event zeek_init()
|
|
{
|
|
local source: string = "./myfile";
|
|
Input::add_analysis([$source=source, $name=source]);
|
|
}
|