I seem to be struggling with where I need to make changes to zeek (persistent over reboots). I have changed the top_dir to a new location but I prefer to have the following changes to how zeek operates:
- Set LogDir to /storage/pcap
- Set LogExpireInterval to a 20 day window
- Set LogRotationInterval to a 10 day window
- MinDiskSpace to 90
- Have zeek cron clean up at this point
- Define known/trusted networks
- Rename interfaces in zeek (or create reference as) INGRESS and EGRESS
I understand not to change the zeek/etc/zeekctl.cfg, node.cfg and netwroks.cfg files in this docker deployment. I did follow the instructions to change top_dir but do not understand how to change other options for the zeekctl-config.sh to run with.
I seem to be struggling with where I need to make changes to zeek (persistent over reboots). I have changed the top_dir to a new location but I prefer to have the following changes to how zeek operates:
I understand not to change the zeek/etc/zeekctl.cfg, node.cfg and netwroks.cfg files in this docker deployment. I did follow the instructions to change top_dir but do not understand how to change other options for the zeekctl-config.sh to run with.