Running Script in a Cluster

Joseph_Kvedaras · August 9, 2019, 1:38pm

Hey,

I’m working with Zeek scripts and I am running in an issue getting my script to execute when zeek is running as a cluster. The script executes when I start zeek w/ a pcap file. The script executes when I start zeek on the command line, bind to the interface, and playback that pcap. The script does not execute when I start zeek as cluster and playback the pcap file. Other scripts, like ‘extract-all-files.bro’ run all 3 ways but in the cluster, will not write my added print outs to the stdout file in cluster mode. I have also confirmed that my scripts are being loaded by the logging module when I run “zeekctl diag”. I feel like I’m missing something. Does anyone know what it is?

Thanks

Joseph_Kvedaras · August 9, 2019, 2:32pm

Figured it out… Permissions issue on the file. The combined stderr.log was not populated but I now see the error when running ‘zeekctl diag’ and looking under the stderr.log for the sensor.

Topic		Replies	Views
print Zeek	2	50	May 6, 2022
Logging Issue after upgrade to LTS 5.0.0 Zeek	19	1060	May 9, 2023
Problem with trace file in Zeek Zeek	2	155	April 17, 2023
Where to get detect-webapps log file? Zeek	4	83	May 6, 2022
Creating a module and accessing an event in another script Zeek	26	177	May 6, 2022

Running Script in a Cluster

Related Topics