rcmelendez/zeek.sh

## zeek.sh
#!/usr/bin/env bash
#
# Bash shell script that starts the Zeek process if it's not running.
#
# Add this script to the root crontab, e.g.:
#*/5 * * * * /Users/roberto/zeek.sh > /tmp/zeek.log 2>&1
#
#
# Version:  1.0.0
# Author:   Roberto Meléndez  [Cambridge, USA]
# Medium:   https://medium.com/@rcmelendez/
# Released: March 19, 2021

set -euo pipefail

# Get the process status and pid
zeek_status=$(/usr/local/bin/zeekctl status | awk 'END {print $4}' || true)
zeek_pid=$(/usr/local/bin/zeekctl status | awk 'END {print $5}' || true)

# Run the deploy command if Zeek is not running
# BPF device permissions have to be changed manually every time our Mac reboots :(
if [[ "${zeek_status}" != "running" ]]; then
  chgrp admin /dev/bpf*
  chmod g+r /dev/bpf*
  /usr/local/bin/zeekctl deploy
else
  echo "Nothing to do, Zeek is running with pid ${zeek_pid}"
fi
	#!/usr/bin/env bash
	#
	# Bash shell script that starts the Zeek process if it's not running.
	#
	# Add this script to the root crontab, e.g.:
	#/5 * * * /Users/roberto/zeek.sh > /tmp/zeek.log 2>&1
	#
	#
	# Version: 1.0.0
	# Author: Roberto Meléndez [Cambridge, USA]
	# Medium: https://medium.com/@rcmelendez/
	# Released: March 19, 2021

	set -euo pipefail

	# Get the process status and pid
	zeek_status=$(/usr/local/bin/zeekctl status \| awk 'END {print $4}' \|\| true)
	zeek_pid=$(/usr/local/bin/zeekctl status \| awk 'END {print $5}' \|\| true)

	# Run the deploy command if Zeek is not running
	# BPF device permissions have to be changed manually every time our Mac reboots :(
	if [[ "${zeek_status}" != "running" ]]; then
	chgrp admin /dev/bpf*
	chmod g+r /dev/bpf*
	/usr/local/bin/zeekctl deploy
	else
	echo "Nothing to do, Zeek is running with pid ${zeek_pid}"
	fi