Zeek - Demonstrate Your Skills

Did you do the lab "Zeek: Ep.6 – File Analysis Framework" (sucessfully)?

I might be wrong, but https://github.com/zeek/zeekctl says that you should run "zeekctl deploy" after each configuration change. And I'm afraid that statement is true.
- My script works when running via command line
- My script doesn't run when added to the local.zeek file
- File hashes are always calculated, also after removing that include from local.zeek

And ofc we can't run zeekctl...we're doomed, almost. It can be done, I just did it (Ep.1-7 and Demonstrate Your Skills).

Hint:
Ignore the lab instructions and do not "Follow instructions and rerun the first command in shell". I repeat, do not. Maybe that worked in the past, but not with the current lab. For me, the signatures part didn't work either, had to figure it out manually. And the last question is quite "interesting", too.

I cant remember this lab....my notes simply state 

"Follow instructions and rerun the first command in shell"

Maybe this will help or not....Gus

Hi lupolder - welcome to the community.

Demonstrate Labs are technically challenging labs that offer very limited information and guidance, they are supposed to be challenging and consolidate your learning from all of the other labs in the collection (in this case, the 8 labs in the Zeek Collection).

As a result, the level of detail of the hints and tips that the community are able to share here is limited.

If you haven't already, I recommend that you complete all of the labs in the collection, and if it's been a while since you did, you might want to refresh your memory.