I have developed a Zeek script using the summary statistics library to capture and process GOOSE and SV packets from a sample pcap file. Now, the pcap file is also configured to run on a network interface. In the SumStats function, I put `$epoch` as a user-defined value, which you can see in the following script. Now, I want to make this epoch an environment variable which can be passed as a parameter when running my Docker container using the `docker run` command, like `docker run -e ZEEK_EPOCH_DURATION="50s" -e envvar="eth0" my_scirpt.zeek`.

I am a bit confused about how to configure it. In my Dockerfile, I have tried to configure it like this:

```dockerfile
# Set default environment variable for epoch duration
ENV ZEEK_EPOCH_DURATION="5secs" envvar="default value"

# Command to run Zeek with the environment variable
CMD ["/bin/sh", "-c", "zeek -i ${envvar} ${ZEEK_EPOCH_DURATION} -C /opt/ot-parsers/statistics.zeek"]
```

```zeek
global epoch_value= getenv("ZEEK_EPOCH_DURATION");

SumStats::create([$name="goose_packet_analysis", $epoch=10secs,
    $reducers=set(
        SumStats::Reducer($stream="goose_total_length", $apply=set(SumStats::SUM,
            SumStats::VARIANCE, SumStats::STD_DEV, SumStats::MAX, SumStats::MIN))
    ),
    $epoch_result(ts: time, key: SumStats::Key, result: SumStats::Result) =
    {
```

Now, I checked that the `getenv` function can be utilized in Zeek to read an environment variable. But I do not know how to pass this variable as a parameter in the summary statistics framework. Asking for experts' opinions and suggestions.
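One way to wire the variable into `$epoch`, as an added example that is not part of the original post: `getenv` returns a string, so the value is validated and converted to an `interval` before it reaches `SumStats::create`. The module name `GooseStats`, the `default_epoch` fallback and the `parse_epoch` helper are hypothetical names chosen for this sketch.

```zeek
@load base/frameworks/sumstats

module GooseStats;

export {
    ## Fallback used when ZEEK_EPOCH_DURATION is unset or malformed (assumed value).
    const default_epoch = 10secs &redef;
}

# Effective epoch, filled in from the environment in zeek_init().
global epoch_value: interval = default_epoch;

# Hypothetical helper: accepts "50", "50s", "50sec" or "50secs".
function parse_epoch(raw: string): interval
    {
    # Pattern == string is an exact match in Zeek, so the whole value must
    # be a positive number with an optional seconds suffix. An empty string
    # (variable not set) or any other content falls back to the default.
    if ( /[0-9]+(\.[0-9]+)?(s|sec|secs)?/ != raw )
        return default_epoch;

    # The value is already validated, so letters can only be the unit suffix.
    local secs = to_double(gsub(raw, /[a-z]+/, ""));
    return secs > 0.0 ? double_to_interval(secs) : default_epoch;
    }

event zeek_init()
    {
    epoch_value = parse_epoch(getenv("ZEEK_EPOCH_DURATION"));
    print fmt("SumStats epoch set to %s", epoch_value);

    local r1 = SumStats::Reducer($stream="goose_total_length",
        $apply=set(SumStats::SUM, SumStats::VARIANCE, SumStats::STD_DEV,
                   SumStats::MAX, SumStats::MIN));

    # Observations for "goose_total_length" still come from the packet
    # handlers in the original script, which are not shown on this page.
    SumStats::create([$name="goose_packet_analysis",
        $epoch=epoch_value,
        $reducers=set(r1),
        $epoch_result(ts: time, key: SumStats::Key, result: SumStats::Result) =
            {
            local r = result["goose_total_length"];
            print fmt("%s: n=%d sum=%.0f", ts, r$num, r$sum);
            }]);
    }
```

Because the script reads the variable through `getenv`, the value set with `docker run -e ZEEK_EPOCH_DURATION=...` is picked up from the container environment and does not need to appear on the `zeek` command line.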