(no subject)

Hello,

I've been trying to get Zeek installed on a Clear Linux distribution machine for a while. I know my way around Linux enough to get this done from the GitHub source, but what caused me so much trouble was a missing pre-requisite - the C++ Actor framework.

I'm not a Linux beginner, and I installed all of the pre-requisites, but if this was added to the part of the installation documentation under "To build Bro from source, the following additional dependencies are required:", installing from source would have been much smoother for me. If, for some reason, this being left out is intentional, sorry to bring this up.

After setting up all of the .cfg files and running install and start in broctl, I got the following error:

cl@clr-31868b162a544d5290cfe54c3dd15df1 /usr/local/bro/logs/current $ cat stderr.log
*** failed to set config parameter work-stealing.moderate-sleep-duration-us: invalid name
*** failed to set config parameter work-stealing.relaxed-sleep-duration-us: invalid name
/usr/local/bro/share/broctl/scripts/run-bro: line 110: 1211 Segmentation fault (core dumped) nohup "$mybro" "$@"

The process did not start. Any suggestions on how to solve this, or any links to possible hints for a solution, would be appreciated.

I enjoyed the conference at Cern very much.

Thanks.

Dan.

Hello,

Last night I wrote about adding C++ Actor framework as a pre-requisite in the installation manual. Today I tried to install zeek on my osx and noticed it gets recursively cloned from the zeek github repo. Sorry to bring this up.

I haven’t resolved the second question about getting a segmentation fault when running zeek. Any help will be appreciated.

Thanks.

Dan.

There is no need to manually compile Zeek on ClearLinux, as it is included in the distribution.

swupd bundle-add network-security-monitoring

And Zeek is installed. You want to work around the Zeek/ClearLinux incompatibility next.

/usr/bin/rsync -aP /usr/share/bro /tmp
rm -rf /usr/share/bro
/usr/bin/rsync -aP /tmp/bro /usr/share/
ln -s /etc/bro/config/broctl.cfg /etc/broctl.cfg
ln -s /etc/bro/config/networks.cfg /etc/networks.cfg
ln -s /etc/bro/config/node.cfg /etc/node.cfg

Create the service user

useradd bro

chown -Rv bro:bro /var/lib/bro
chown -Rv bro:bro /usr/share/broctl/scripts

su - bro

broctl deploy

Getting a stack trace in a debugger (gdb / lldb) and sending that
would give us more hints.

- Jon

You installed CAF from somewhere? You likely just need to remove that
and let zeek install the specific version that it includes in
src/3rdparty/caf

Hey,

I tried a fresh install from the github repo on duplicate hardware, with the included CAF, and didn't get any segmentation fault errors when running it. Now it's running and logging properly. I assume the stack trace won't be necessary. If, for some reason, you want the gdb/lldb stack trace, I have that install available.

Thanks for your responses and suggestions.

Dan.