Error with zeekctl netstats command

Hi everyone

I'm facing the following error whenever I try to use the command “zeekctl netstats” to check the packets dropped.

worker-1-1: <error: Python bindings for Broker: No module named ipaddress>

And this with every other worker in 2 of 4 zeeks that we have deployed.

I have 2 other nodes on which this command runs without any problem, and all the machines have been installed following the same procedure. Also, these 2 nodes on which the command runs well don’t receive any traffic at this moment.

So I don’t know if this is something that we missed in the installation or if it is something produced by the amount of traffic.

Hope you can help me resolve this issue.

Thank you all!

Regards.

Jorge García Rodríguez
Technical Consultant
Security Infrastructures
jgarciar@sia.es


The nodes with that error are using Python 2 and don't have the
required "ipaddress" backport from Python 3 installed (distros in the
RHEL or Debian families usually call their package
"python-ipaddress").

The nodes without that error are either using Python 2 and do have
"ipaddress" or are already using Python 3.

Aligning all nodes to use Python 3 is the ideal path since Python 2 is
EOL in ~20 days (Jan. 1).

- Jon
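
The condition described in the reply above can be checked on each node with a small script. This is an added example, not code from the thread or from the Zeek project; the candidate interpreter names are assumptions, so pass the interpreter that zeekctl actually runs under on your nodes.

```python
import json
import subprocess
import sys

# Probe executed inside each candidate interpreter; valid on Python 2 and 3.
PROBE = (
    "import sys, json\n"
    "try:\n"
    "    import ipaddress\n"
    "    ok = True\n"
    "except ImportError:\n"
    "    ok = False\n"
    "print(json.dumps({'major': sys.version_info[0], 'has_ipaddress': ok}))\n"
)


def check_interpreter(path):
    """Ask the interpreter at `path` for its major version and ipaddress support."""
    try:
        proc = subprocess.Popen([path, "-c", PROBE],
                                stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        out, _ = proc.communicate()
    except OSError:  # interpreter does not exist or is not executable
        return {"path": path, "found": False}
    if proc.returncode != 0:
        return {"path": path, "found": False}
    info = json.loads(out.decode("utf-8"))
    info.update(path=path, found=True)
    return info


def verdict(info):
    """Map a probe result onto the cases named in the reply."""
    if not info["found"]:
        return "interpreter not present"
    if not info["has_ipaddress"]:
        return "ipaddress missing: expect the Broker bindings error"
    if info["major"] == 2:
        return "works via the ipaddress backport, but Python 2 is EOL"
    return "ok"


if __name__ == "__main__":
    # Default candidate names are assumptions, not taken from the thread.
    for candidate in sys.argv[1:] or ["python", "python2", "python3"]:
        print("%-10s %s" % (candidate, verdict(check_interpreter(candidate))))
```

Running it on a failing node and on a working node shows which of the two cases from the reply applies to each.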