Way late on this, but it should work with the upcoming Zeek 4.0 too. All of the necessary changes to rename scripts and change bro_init->zeek_init are in place. A few extra little changes snuck in with this update too.
- Pulled in a change from Phil at Brim that makes it possible to disable rotation for the streaming logs
JSONStreaming::enable_log_rotation - Made it possible to set
JSONStreaming::extra_filesto 0 if you don't want any of the backing files. - Added a
JSONStreaming::system_nameoption if you'd like the extension fields in the logs to have a local system name.