Ok, all works well when I configure Zeek as a standalone node: packets are
captured, there are several logs regarding conn, dns ... The problem appears
when Zeek is configured as a cluster using one host as a manager and another
host as a worker ...

Strange, because PF is disabled on both hosts, one host can connect to the
other (ping, ssh and so on). Maybe it is a bug with Zeek ...

-- 
Regards,
C. L. Martinez

On 08/03/2020, 10:42, "owner-m...@openbsd.org on behalf of Carlos Lopez" 
<owner-m...@openbsd.org on behalf of clo...@outlook.com> wrote:

    Hi Monah,
    
    Yes, zeekctl deploy works without problem. If I launch several requests
    using curl or do several dns requests, I can see all of them with tcpdump
    but not in zeek … Of course, sniffing the same interface …
    
    --
    Regards,
    C. L. Martinez
    
    From: Monah Baki <monahb...@gmail.com>
    Date: Sunday, 8 March 2020 at 00:25
    To: Carlos Lopez <clo...@outlook.com>
    Cc: "misc@openbsd.org" <misc@openbsd.org>
    Subject: Re: Compiling Zeek 3.0.2 returns an error at final stage
    
    From the server, if you curl a website, do you see an http.log file in the
    zeek log current folder? And after changing the interface, did you run
    zeekctl deploy?
    
    Thanks
    Monah
    
    
    
    On Sat, Mar 7, 2020 at 5:42 PM Carlos Lopez <clo...@outlook.com> wrote:
    Thanks Monah … But this is not the problem … interface configuration is
    correct …
    
    --
    Regards,
    C. L. Martinez
    
    From: Monah Baki <monahb...@gmail.com>
    Date: Saturday, 7 March 2020 at 23:30
    To: Carlos Lopez <clo...@outlook.com>
    Cc: "misc@openbsd.org" <misc@openbsd.org>
    Subject: Re: Compiling Zeek 3.0.2 returns an error at final stage
    
    Hi Carlos,
    
    Check your node.cfg, the interface section
    
    [zeek]
    type=standalone
    host=localhost
    interface=eth0   <<<<<< might want to change it
    
    On Sat, Mar 7, 2020 at 5:01 PM Carlos Lopez <clo...@outlook.com> wrote:
    Many thanks for your answer Stuart ... Finally, I have compiled Zeek
    3.0.3-dev.3 and all goes ok during compilation ... But zeek doesn't capture
    any packet ... and tcpdump works without problems and I can see all
    traffic ...
    
    --
    Regards,
    C. L. Martinez
    
    On 07/03/2020, 22:08, "owner-m...@openbsd.org on behalf of Stuart Henderson"
    <owner-m...@openbsd.org on behalf of s...@spacehopper.org> wrote:
    
        On 2020-03-07, Carlos Lopez <clo...@outlook.com> wrote:
        > Hi all,
        >
        >  I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully patched but compilation returns me the following error:
        >
        > [ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
        > [ 97%] Linking CXX executable zeek
        > ld: error: unable to find library -llibbinpac.so.VERSION
        > c++: error: linker command failed with exit code 1 (use -v to see invocation)
        > *** Error 1 in build (src/CMakeFiles/zeek.dir/build.make:1826 'src/zeek')
        > *** Error 1 in build (CMakeFiles/Makefile2:1661 'src/CMakeFiles/zeek.dir/all')
        > *** Error 1 in build (Makefile:152 'all')
        > *** Error 1 in /root/builds/src/zeek-3.0.2 (Makefile:15 'all')
        >
        >  But libbinpac.so exists compiled under the source dirs.:
        >
        > root@obsd66:~/builds/src/zeek-3.0.2# find . -name "*binpac.so"
        > ./build/aux/binpac/lib/libbinpac.so
        > root@obsd66:~/builds/src/zeek-3.0.2
        >
        >  Any tip to solve this issue?
        >
    
        You're probably better off using the port. There is a fair chance that
        if you update *just* the net/bro directory (the port dir wasn't renamed
        but the package was) to -current that it will build, and if not, you'll
        be closer to getting it working.
    
        Or the easy option, update to -current, pkg_add zeek.
    
    
