mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 22:58:20 +00:00
f0b9c59adb
zeek.on('zeek_init', () => {
console.log('Hello, Zeek!');
});
For interaction with external systems and HTTP APIs, JavaScript and the
Node.js ecosystem beat Zeek script. Make it more easily accessible by
including ZeekJS with Zeek directly.
When a recent enough libnode version is found on the build system, ZeekJS is
added as a builtin plugin. This behavior can be disabled via
``--disable-javascript``. Linux distributions providing such a package are
Ubuntu (22.10) and Debian (testing/bookworm) as libnode-dev.
Fedora provides it as nodejs-devel.
This plugin takes over loading of .js or .cjs files. When no such files
are provided to Zeek, Node and the V8 engine are not initialized and
should not get into the way.
This should be considered experimental.
30 lines
887 B
JavaScript
30 lines
887 B
JavaScript
/*
|
|
* @TEST-REQUIRES: $SCRIPTS/have-javascript
|
|
* @TEST-EXEC: zeek -b -Cr $TRACES/http/get.trace main.zeek LogAscii::use_json=T
|
|
* @TEST-EXEC: btest-diff http.log
|
|
*/
|
|
@TEST-START-FILE main.zeek
|
|
@load base/protocols/http
|
|
|
|
# Extending log records only works in Zeek script.
|
|
redef record HTTP::Info += {
|
|
## The sha256 value of the orig_URI.
|
|
uri_sha256: string &optional &log;
|
|
};
|
|
|
|
# Load the JavaScript pieces
|
|
@load ./main.js
|
|
@TEST-END-FILE
|
|
|
|
@TEST-START-FILE main.js
|
|
const crypto = require('crypto');
|
|
|
|
/*
|
|
* We can set fields directly on c.http from JavaScript and they'll appear
|
|
* in the http.log record. In this case, we compute the sha256 hash of
|
|
* the orig_URI and log it.
|
|
*/
|
|
zeek.on('http_request', { priority: -10 }, (c, method, orig_URI, escaped_URI, version) => {
|
|
c.http.uri_sha256 = crypto.createHash('sha256').update(orig_URI).digest().toString('hex');
|
|
});
|
|
@TEST-END-FILE
|