Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add --all flag to send all log types #10

Merged
merged 1 commit into from
Mar 24, 2022
Merged

Add --all flag to send all log types #10

merged 1 commit into from
Mar 24, 2022

Conversation

ethack
Copy link
Contributor

@ethack ethack commented Mar 23, 2022

  • This change adds a new flag --all to the script that gives the option of sending all log types instead of just certain logs.
  • This is desirable in many cases as we don't have access to the sensor but do have access to the AC-Hunter system and the log types not used by AC-Hunter are useful for manual hunting or adding additional context to findings in AC-Hunter.
  • Everything is backwards compatible and the default behavior of the script remains unchanged.
  • I tested this on a customer system and it worked as expected.

This PR is an alternative the supersedes the (buggy) implementation in the transfer-all branch. That branch also changes the default behavior of the script which, in my view, is an unwelcome change.

This PR is an alternative to #9 which is an attempt at a more flexible approach. But that approach has way more changes to the existing script and is more time consuming to test.

@ethack ethack requested a review from william-stearns March 23, 2022 04:11
ethack
ethack commented Mar 23, 2022
View reviewed changes
zeek_log_transport.sh
-v Verbose; list out the files being transferred
-q Turn off any messages that are not errors
-n Dry run, do not actually transfer files
HEREDOC
Copy link
Contributor Author

@ethack ethack Mar 23, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was changing this text to document the new flag anyway so I took a stab at reworking the help text format to something more inline with other unix programs. If this change is a problem I can revert to the old help format.

@ethack ethack merged commit 973a3d9 into master Mar 24, 2022
@ethack ethack deleted the all-flag branch March 24, 2022 02:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@william-stearns william-stearns william-stearns approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ethack @william-stearns