Re: Compiling Zeek 3.0.2 returns an error at final stage (partially solved)

2020-03-08 Thread Carlos Lopez
Ok, all works well when I configure Zeek as a standalone node: packets are 
captured, there are several logs regarding conn, dns ... Problem appears when 
Zeek is configured as a cluster using one host as a manager and another host as 
a worker  ...

Strange, because PF is disabled in both hosts, one host can connect to the 
other (ping, ssh and so on). Maybe it is a bug with Zeek ...

-- 
Regards,
C. L. Martinez

On 08/03/2020, 10:42, "owner-m...@openbsd.org on behalf of Carlos Lopez" 
 wrote:

Hi Monah,

Yes, zeekctl deploy works without problem. If I launch several requests 
using curl or doing several dns requests, I can see all of them with tcpdump 
but not in zeek … Of course, sniffing the same interface …

--
Regards,
C. L. Martinez

From: Monah Baki 
Date: Sunday, 8 March 2020 at 00:25
To: Carlos Lopez 
Cc: "misc@openbsd.org" 
Subject: Re: Compiling Zeek 3.0.2 returns an error at final stage

From the server if you curl a website, in zeek log current folder do you 
see a http.log file, and after changing the interface did you zeekctl deploy.

Thanks
Monah



On Sat, Mar 7, 2020 at 5:42 PM Carlos Lopez 
mailto:clo...@outlook.com>> wrote:
Thanks Monah … But this is not the problem … interface configuration is 
correct …

--
Regards,
C. L. Martinez

From: Monah Baki mailto:monahb...@gmail.com>>
Date: Saturday, 7 March 2020 at 23:30
To: Carlos Lopez mailto:clo...@outlook.com>>
Cc: "misc@openbsd.org<mailto:misc@openbsd.org>" 
mailto:misc@openbsd.org>>
    Subject: Re: Compiling Zeek 3.0.2 returns an error at final stage

Hi Carlos,

Check your node.cfg, the interface section

[zeek]
type=standalone
host=localhost
interface=eth0   <<<<<< might want to change it

On Sat, Mar 7, 2020 at 5:01 PM Carlos Lopez 
mailto:clo...@outlook.com>> wrote:
Many thanks for your answer Stuart ... Finally, I have compiled Zeek 
3.0.3-dev.3 an all goes ok during compilation ... But zeek doesn't capture any 
packet ... and tcpdump works without problems and I can see all traffic ...

--
Regards,
C. L. Martinez

On 07/03/2020, 22:08, 
"owner-m...@openbsd.org<mailto:owner-m...@openbsd.org> on behalf of Stuart 
Henderson" mailto:owner-m...@openbsd.org> on behalf of 
s...@spacehopper.org<mailto:s...@spacehopper.org>> wrote:

On 2020-03-07, Carlos Lopez 
mailto:clo...@outlook.com>> wrote:
> Hi all,
>
>  I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully 
patched but compilation returns me the following error:
>
> [ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
> [ 97%] Linking CXX executable zeek
> ld: error: unable to find library -llibbinpac.so.VERSION
> c++: error: linker command failed with exit code 1 (use -v to see 
invocation)
> *** Error 1 in build (src/CMakeFiles/zeek.dir/build.make:1826 
'src/zeek')
> *** Error 1 in build (CMakeFiles/Makefile2:1661 
'src/CMakeFiles/zeek.dir/all')
> *** Error 1 in build (Makefile:152 'all')
> *** Error 1 in /root/builds/src/zeek-3.0.2 (Makefile:15 'all')
>
>  But libbinpac.so exists compiled under the source dirs.:
>
> root@obsd66:~/builds/src/zeek-3.0.2# find . -name "*binpac.so"
> ./build/aux/binpac/lib/libbinpac.so
> root@obsd66:~/builds/src/zeek-3.0.2
>
>  Any tip to solve this issue?
>

You're probably better off using the port. There is a fair chance that
if you update *just* the net/bro directory (the port dir wasn't renamed
but the package was) to -current that it will build, and if not, you'll
be closer to getting it working.

Or the easy option, update to -current, pkg_add zeek.





Re: Compiling Zeek 3.0.2 returns an error at final stage

2020-03-08 Thread Carlos Lopez
Hi Monah,

Yes, zeekctl deploy works without problem. If I launch several requests using 
curl or doing several dns requests, I can see all of them with tcpdump but not 
in zeek … Of course, sniffing the same interface …

--
Regards,
C. L. Martinez

From: Monah Baki 
Date: Sunday, 8 March 2020 at 00:25
To: Carlos Lopez 
Cc: "misc@openbsd.org" 
Subject: Re: Compiling Zeek 3.0.2 returns an error at final stage

>From the server if you curl a website, in zeek log current folder do you see a 
>http.log file, and after changing the interface did you zeekctl deploy.

Thanks
Monah



On Sat, Mar 7, 2020 at 5:42 PM Carlos Lopez 
mailto:clo...@outlook.com>> wrote:
Thanks Monah … But this is not the problem … interface configuration is correct 
…

--
Regards,
C. L. Martinez

From: Monah Baki mailto:monahb...@gmail.com>>
Date: Saturday, 7 March 2020 at 23:30
To: Carlos Lopez mailto:clo...@outlook.com>>
Cc: "misc@openbsd.org<mailto:misc@openbsd.org>" 
mailto:misc@openbsd.org>>
Subject: Re: Compiling Zeek 3.0.2 returns an error at final stage

Hi Carlos,

Check your node.cfg, the interface section

[zeek]
type=standalone
host=localhost
interface=eth0   <<<<<< might want to change it

On Sat, Mar 7, 2020 at 5:01 PM Carlos Lopez 
mailto:clo...@outlook.com>> wrote:
Many thanks for your answer Stuart ... Finally, I have compiled Zeek 
3.0.3-dev.3 an all goes ok during compilation ... But zeek doesn't capture any 
packet ... and tcpdump works without problems and I can see all traffic ...

--
Regards,
C. L. Martinez

On 07/03/2020, 22:08, "owner-m...@openbsd.org<mailto:owner-m...@openbsd.org> on 
behalf of Stuart Henderson" 
mailto:owner-m...@openbsd.org> on behalf of 
s...@spacehopper.org<mailto:s...@spacehopper.org>> wrote:

On 2020-03-07, Carlos Lopez mailto:clo...@outlook.com>> 
wrote:
> Hi all,
>
>  I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully patched 
but compilation returns me the following error:
>
> [ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
> [ 97%] Linking CXX executable zeek
> ld: error: unable to find library -llibbinpac.so.VERSION
> c++: error: linker command failed with exit code 1 (use -v to see 
invocation)
> *** Error 1 in build (src/CMakeFiles/zeek.dir/build.make:1826 'src/zeek')
> *** Error 1 in build (CMakeFiles/Makefile2:1661 
'src/CMakeFiles/zeek.dir/all')
> *** Error 1 in build (Makefile:152 'all')
> *** Error 1 in /root/builds/src/zeek-3.0.2 (Makefile:15 'all')
>
>  But libbinpac.so exists compiled under the source dirs.:
>
> root@obsd66:~/builds/src/zeek-3.0.2# find . -name "*binpac.so"
> ./build/aux/binpac/lib/libbinpac.so
> root@obsd66:~/builds/src/zeek-3.0.2
>
>  Any tip to solve this issue?
>

You're probably better off using the port. There is a fair chance that
if you update *just* the net/bro directory (the port dir wasn't renamed
but the package was) to -current that it will build, and if not, you'll
be closer to getting it working.

Or the easy option, update to -current, pkg_add zeek.



Re: Compiling Zeek 3.0.2 returns an error at final stage

2020-03-07 Thread Monah Baki
>From the server if you curl a website, in zeek log current folder do you
see a http.log file, and after changing the interface did you zeekctl
deploy.

Thanks
Monah



On Sat, Mar 7, 2020 at 5:42 PM Carlos Lopez  wrote:

> Thanks Monah … But this is not the problem … interface configuration is
> correct …
>
>
>
> --
>
> Regards,
>
> C. L. Martinez
>
>
>
> *From: *Monah Baki 
> *Date: *Saturday, 7 March 2020 at 23:30
> *To: *Carlos Lopez 
> *Cc: *"misc@openbsd.org" 
> *Subject: *Re: Compiling Zeek 3.0.2 returns an error at final stage
>
>
>
> Hi Carlos,
>
>
>
> Check your node.cfg, the interface section
>
>
>
> [zeek]
> type=standalone
> host=localhost
> interface=eth0   <<<<<< might want to change it
>
>
>
> On Sat, Mar 7, 2020 at 5:01 PM Carlos Lopez  wrote:
>
> Many thanks for your answer Stuart ... Finally, I have compiled Zeek
> 3.0.3-dev.3 an all goes ok during compilation ... But zeek doesn't capture
> any packet ... and tcpdump works without problems and I can see all traffic
> ...
>
> --
> Regards,
> C. L. Martinez
>
> On 07/03/2020, 22:08, "owner-m...@openbsd.org on behalf of Stuart
> Henderson" 
> wrote:
>
> On 2020-03-07, Carlos Lopez  wrote:
> > Hi all,
> >
> >  I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully
> patched but compilation returns me the following error:
> >
> > [ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
> > [ 97%] Linking CXX executable zeek
> > ld: error: unable to find library -llibbinpac.so.VERSION
> > c++: error: linker command failed with exit code 1 (use -v to see
> invocation)
> > *** Error 1 in build (src/CMakeFiles/zeek.dir/build.make:1826
> 'src/zeek')
> > *** Error 1 in build (CMakeFiles/Makefile2:1661
> 'src/CMakeFiles/zeek.dir/all')
> > *** Error 1 in build (Makefile:152 'all')
> > *** Error 1 in /root/builds/src/zeek-3.0.2 (Makefile:15 'all')
> >
> >  But libbinpac.so exists compiled under the source dirs.:
> >
> > root@obsd66:~/builds/src/zeek-3.0.2# find . -name "*binpac.so"
> > ./build/aux/binpac/lib/libbinpac.so
> > root@obsd66:~/builds/src/zeek-3.0.2
> >
> >  Any tip to solve this issue?
> >
>
> You're probably better off using the port. There is a fair chance that
> if you update *just* the net/bro directory (the port dir wasn't renamed
> but the package was) to -current that it will build, and if not, you'll
> be closer to getting it working.
>
> Or the easy option, update to -current, pkg_add zeek.
>
>
>


Re: Compiling Zeek 3.0.2 returns an error at final stage

2020-03-07 Thread Carlos Lopez
Thanks Monah … But this is not the problem … interface configuration is correct 
…

--
Regards,
C. L. Martinez

From: Monah Baki 
Date: Saturday, 7 March 2020 at 23:30
To: Carlos Lopez 
Cc: "misc@openbsd.org" 
Subject: Re: Compiling Zeek 3.0.2 returns an error at final stage

Hi Carlos,

Check your node.cfg, the interface section

[zeek]
type=standalone
host=localhost
interface=eth0   <<<<<< might want to change it

On Sat, Mar 7, 2020 at 5:01 PM Carlos Lopez 
mailto:clo...@outlook.com>> wrote:
Many thanks for your answer Stuart ... Finally, I have compiled Zeek 
3.0.3-dev.3 an all goes ok during compilation ... But zeek doesn't capture any 
packet ... and tcpdump works without problems and I can see all traffic ...

--
Regards,
C. L. Martinez

On 07/03/2020, 22:08, "owner-m...@openbsd.org<mailto:owner-m...@openbsd.org> on 
behalf of Stuart Henderson" 
mailto:owner-m...@openbsd.org> on behalf of 
s...@spacehopper.org<mailto:s...@spacehopper.org>> wrote:

On 2020-03-07, Carlos Lopez mailto:clo...@outlook.com>> 
wrote:
> Hi all,
>
>  I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully patched 
but compilation returns me the following error:
>
> [ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
> [ 97%] Linking CXX executable zeek
> ld: error: unable to find library -llibbinpac.so.VERSION
> c++: error: linker command failed with exit code 1 (use -v to see 
invocation)
> *** Error 1 in build (src/CMakeFiles/zeek.dir/build.make:1826 'src/zeek')
> *** Error 1 in build (CMakeFiles/Makefile2:1661 
'src/CMakeFiles/zeek.dir/all')
> *** Error 1 in build (Makefile:152 'all')
> *** Error 1 in /root/builds/src/zeek-3.0.2 (Makefile:15 'all')
>
>  But libbinpac.so exists compiled under the source dirs.:
>
> root@obsd66:~/builds/src/zeek-3.0.2# find . -name "*binpac.so"
> ./build/aux/binpac/lib/libbinpac.so
> root@obsd66:~/builds/src/zeek-3.0.2
>
>  Any tip to solve this issue?
>

You're probably better off using the port. There is a fair chance that
if you update *just* the net/bro directory (the port dir wasn't renamed
but the package was) to -current that it will build, and if not, you'll
be closer to getting it working.

Or the easy option, update to -current, pkg_add zeek.




Re: Compiling Zeek 3.0.2 returns an error at final stage

2020-03-07 Thread Monah Baki
Hi Carlos,

Check your node.cfg, the interface section

[zeek]
type=standalone
host=localhost
interface=eth0   << might want to change it

On Sat, Mar 7, 2020 at 5:01 PM Carlos Lopez  wrote:

> Many thanks for your answer Stuart ... Finally, I have compiled Zeek
> 3.0.3-dev.3 an all goes ok during compilation ... But zeek doesn't capture
> any packet ... and tcpdump works without problems and I can see all traffic
> ...
>
> --
> Regards,
> C. L. Martinez
>
> On 07/03/2020, 22:08, "owner-m...@openbsd.org on behalf of Stuart
> Henderson" 
> wrote:
>
> On 2020-03-07, Carlos Lopez  wrote:
> > Hi all,
> >
> >  I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully
> patched but compilation returns me the following error:
> >
> > [ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
> > [ 97%] Linking CXX executable zeek
> > ld: error: unable to find library -llibbinpac.so.VERSION
> > c++: error: linker command failed with exit code 1 (use -v to see
> invocation)
> > *** Error 1 in build (src/CMakeFiles/zeek.dir/build.make:1826
> 'src/zeek')
> > *** Error 1 in build (CMakeFiles/Makefile2:1661
> 'src/CMakeFiles/zeek.dir/all')
> > *** Error 1 in build (Makefile:152 'all')
> > *** Error 1 in /root/builds/src/zeek-3.0.2 (Makefile:15 'all')
> >
> >  But libbinpac.so exists compiled under the source dirs.:
> >
> > root@obsd66:~/builds/src/zeek-3.0.2# find . -name "*binpac.so"
> > ./build/aux/binpac/lib/libbinpac.so
> > root@obsd66:~/builds/src/zeek-3.0.2
> >
> >  Any tip to solve this issue?
> >
>
> You're probably better off using the port. There is a fair chance that
> if you update *just* the net/bro directory (the port dir wasn't renamed
> but the package was) to -current that it will build, and if not, you'll
> be closer to getting it working.
>
> Or the easy option, update to -current, pkg_add zeek.
>
>
>
>


Re: Compiling Zeek 3.0.2 returns an error at final stage

2020-03-07 Thread Carlos Lopez
Many thanks for your answer Stuart ... Finally, I have compiled Zeek 
3.0.3-dev.3 an all goes ok during compilation ... But zeek doesn't capture any 
packet ... and tcpdump works without problems and I can see all traffic ...

-- 
Regards,
C. L. Martinez

On 07/03/2020, 22:08, "owner-m...@openbsd.org on behalf of Stuart Henderson" 
 wrote:

On 2020-03-07, Carlos Lopez  wrote:
> Hi all,
>
>  I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully patched 
but compilation returns me the following error:
>
> [ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
> [ 97%] Linking CXX executable zeek
> ld: error: unable to find library -llibbinpac.so.VERSION
> c++: error: linker command failed with exit code 1 (use -v to see 
invocation)
> *** Error 1 in build (src/CMakeFiles/zeek.dir/build.make:1826 'src/zeek')
> *** Error 1 in build (CMakeFiles/Makefile2:1661 
'src/CMakeFiles/zeek.dir/all')
> *** Error 1 in build (Makefile:152 'all')
> *** Error 1 in /root/builds/src/zeek-3.0.2 (Makefile:15 'all')
>
>  But libbinpac.so exists compiled under the source dirs.:
>
> root@obsd66:~/builds/src/zeek-3.0.2# find . -name "*binpac.so"
> ./build/aux/binpac/lib/libbinpac.so
> root@obsd66:~/builds/src/zeek-3.0.2
>
>  Any tip to solve this issue?
>

You're probably better off using the port. There is a fair chance that
if you update *just* the net/bro directory (the port dir wasn't renamed
but the package was) to -current that it will build, and if not, you'll
be closer to getting it working.

Or the easy option, update to -current, pkg_add zeek.





Re: Compiling Zeek 3.0.2 returns an error at final stage

2020-03-07 Thread Stuart Henderson
On 2020-03-07, Carlos Lopez  wrote:
> Hi all,
>
>  I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully patched but 
> compilation returns me the following error:
>
> [ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
> [ 97%] Linking CXX executable zeek
> ld: error: unable to find library -llibbinpac.so.VERSION
> c++: error: linker command failed with exit code 1 (use -v to see invocation)
> *** Error 1 in build (src/CMakeFiles/zeek.dir/build.make:1826 'src/zeek')
> *** Error 1 in build (CMakeFiles/Makefile2:1661 'src/CMakeFiles/zeek.dir/all')
> *** Error 1 in build (Makefile:152 'all')
> *** Error 1 in /root/builds/src/zeek-3.0.2 (Makefile:15 'all')
>
>  But libbinpac.so exists compiled under the source dirs.:
>
> root@obsd66:~/builds/src/zeek-3.0.2# find . -name "*binpac.so"
> ./build/aux/binpac/lib/libbinpac.so
> root@obsd66:~/builds/src/zeek-3.0.2
>
>  Any tip to solve this issue?
>

You're probably better off using the port. There is a fair chance that
if you update *just* the net/bro directory (the port dir wasn't renamed
but the package was) to -current that it will build, and if not, you'll
be closer to getting it working.

Or the easy option, update to -current, pkg_add zeek.



Compiling Zeek 3.0.2 returns an error at final stage

2020-03-07 Thread Carlos Lopez
Hi all,

 I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully patched but 
compilation returns me the following error:

[ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
[ 97%] Linking CXX executable zeek
ld: error: unable to find library -llibbinpac.so.VERSION
c++: error: linker command failed with exit code 1 (use -v to see invocation)
*** Error 1 in build (src/CMakeFiles/zeek.dir/build.make:1826 'src/zeek')
*** Error 1 in build (CMakeFiles/Makefile2:1661 'src/CMakeFiles/zeek.dir/all')
*** Error 1 in build (Makefile:152 'all')
*** Error 1 in /root/builds/src/zeek-3.0.2 (Makefile:15 'all')

 But libbinpac.so exists compiled under the source dirs.:

root@obsd66:~/builds/src/zeek-3.0.2# find . -name "*binpac.so"
./build/aux/binpac/lib/libbinpac.so
root@obsd66:~/builds/src/zeek-3.0.2

 Any tip to solve this issue?

-- 
Regards,
C. L. Martinez