mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
ded98cd373
This is based on commit 2731def9159247e6da8a3191783c89683363689c from the zeek-docs repo.
47 lines
1.3 KiB
Text
47 lines
1.3 KiB
Text
@load base/frameworks/config
|
|
|
|
@load ja3
|
|
@load zeek-community-id
|
|
@load zeek-community-id/notice
|
|
|
|
redef Config::config_files += { "./myconfig.dat" };
|
|
|
|
module Packages;
|
|
|
|
export {
|
|
# All packages off by default.
|
|
option community_id_enabled = F;
|
|
option ja3_enabled = F;
|
|
}
|
|
|
|
event zeek_init()
|
|
{
|
|
local package_change_handler = function(id: string, new_value: bool): bool {
|
|
local modules: set[string];
|
|
|
|
if ( id == "Packages::community_id_enabled" )
|
|
modules = ["CommunityID", "CommunityID::Notice"];
|
|
else if ( id == "Packages::ja3_enabled" )
|
|
modules = ["JA3", "JA3_Server"];
|
|
else
|
|
{
|
|
Reporter::error(fmt("Unknown option: %s", id));
|
|
return new_value;
|
|
}
|
|
|
|
# Toggle the modules.
|
|
for ( m in modules )
|
|
if ( new_value )
|
|
enable_module_events(m);
|
|
else
|
|
disable_module_events(m);
|
|
|
|
return new_value;
|
|
};
|
|
|
|
Option::set_change_handler("Packages::community_id_enabled", package_change_handler);
|
|
Option::set_change_handler("Packages::ja3_enabled", package_change_handler);
|
|
|
|
Config::set_value("Packages::community_id_enabled", community_id_enabled);
|
|
Config::set_value("Packages::ja3_enabled", ja3_enabled);
|
|
}
|