clopmz
November 9, 2020, 9:03am
1
Hi all,
I’m trying to install a new server with Zeek 3.0.11 under RHEL8 and when I try to install the af_packet plugin I get the following error:
scripts.show-plugin ... failed
% 'btest-diff output' failed unexpectedly (exit code 1)
% cat .diag
== File ===============================
== Diff ===============================
— /tmp/test-diff.37542.output.baseline.tmp 2020-11-09 08:58:38.353727203 +0000
+++ /tmp/test-diff.37542.output.tmp 2020-11-09 08:58:38.347727173 +0000
@@ -1,10 +0,0 @@
-Zeek::AF_Packet - Packet acquisition via AF_Packet (dynamic, version)
[Packet Source] AF_PacketReader (interface prefix “af_packet”; supports live input)
[Type] AF_Packet::FanoutMode
[Constant] AF_Packet::buffer_size
[Constant] AF_Packet::enable_hw_timestamping
[Constant] AF_Packet::enable_fanout
[Constant] AF_Packet::enable_defrag
[Constant] AF_Packet::fanout_mode
[Constant] AF_Packet::fanout_id
The diff in the test failure is because Zeek failed to load the plugin. I’m guessing this is due to the non-standard install location. Did you run “zkg autoconfig”? Can you provide your zkg configuration file, ~/.zkg/zkg.conf, as whatever user you tried running zkg?
–Vlad
clopmz
November 9, 2020, 4:01pm
3
Uhmm … I have the same config on another RHEL8 host and it works without problems:
zeek@rhelzeek05:~/.zkg$ ls -al
total 8
drwxr-xr-x. 8 zeek idps 133 Nov 9 15:49 .
drwx------. 7 zeek idps 167 Nov 9 15:48 ..
drwxr-xr-x. 4 zeek idps 35 Nov 9 15:48 clones
-rw-r--r--. 1 zeek idps 205 Nov 9 15:59 config
drwxr-xr-x. 2 zeek idps 45 Nov 9 15:49 logs
-rw-r--r--. 1 zeek idps 164 Nov 9 15:49 manifest.json
drwxr-xr-x. 2 zeek idps 6 Nov 9 15:49 plugin_dir
drwxr-xr-x. 4 zeek idps 48 Nov 9 15:51 scratch
drwxr-xr-x. 2 zeek idps 6 Nov 9 15:49 script_dir
drwxr-xr-x. 4 zeek idps 35 Nov 9 15:50 testing
zeek@rhelzeek05:~/.zkg$ more config
[sources]
zeek = https://github.com/zeek/packages
[paths]
state_dir = /nsm/zeek/.zkg
script_dir = /opt/zeek/share/zeek/site
plugin_dir = /opt/zeek/lib/zeek/plugins
zeek_dist = /usr/local/src/zeek-3.0.11
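
Added example, not part of the thread and not zkg's own code: a small check that compares the [paths] section of a zkg config with the directories the installed Zeek reports, which is the mismatch suspected above when a plugin fails to load. It assumes zeek-config is on PATH and that its --site_dir and --plugin_dir options report Zeek's load locations; the function names are hypothetical.

```python
import configparser
import os
import subprocess

# Constructed sample: the [sources] and [paths] sections as posted in the thread.
SAMPLE_CONFIG = """\
[sources]
zeek = https://github.com/zeek/packages
[paths]
state_dir = /nsm/zeek/.zkg
script_dir = /opt/zeek/share/zeek/site
plugin_dir = /opt/zeek/lib/zeek/plugins
zeek_dist = /usr/local/src/zeek-3.0.11
"""

def zeek_reported_dirs(zeek_config="zeek-config"):
    """Ask the installed Zeek where it loads site scripts and plugins from."""
    def ask(flag):
        out = subprocess.run([zeek_config, flag], capture_output=True,
                             text=True, check=True)
        return out.stdout.strip()
    return {"script_dir": ask("--site_dir"), "plugin_dir": ask("--plugin_dir")}

def check_zkg_paths(config_text, zeek_dirs, exists=os.path.isdir):
    """Return findings for [paths] entries that are unset, missing on disk,
    or different from the directories Zeek itself reports."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    paths = dict(parser["paths"]) if parser.has_section("paths") else {}
    findings = []
    for key in ("state_dir", "script_dir", "plugin_dir", "zeek_dist"):
        value = paths.get(key, "").strip()
        if not value:
            findings.append(f"{key}: not set")
        elif not exists(value):
            findings.append(f"{key}: {value} does not exist")
        elif key in zeek_dirs and os.path.normpath(value) != os.path.normpath(zeek_dirs[key]):
            findings.append(f"{key}: zkg uses {value}, Zeek reports {zeek_dirs[key]}")
    return findings

if __name__ == "__main__":
    # Run as the same user that invoked zkg, so the right config is read.
    with open(os.path.expanduser("~/.zkg/config")) as fh:
        for finding in check_zkg_paths(fh.read(), zeek_reported_dirs()):
            print(finding)
```

An empty result means the configured paths exist and match what Zeek reports, so the load failure has to be looked for elsewhere.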