Traceback in summary email

Zeek
1

I am getting a traceback in the connection summary emails rather than useful information. I didn’t have the Python SubnetTree package installed when I built, installed, and first started Zeek but have since installed it on the management/logger and all sensors. I restarted Zeek but am still seeing the traceback. Suggestions on where to look next?

Traceback (most recent call last):
File “/usr/local/bro/bin/trace-summary”, line 22, in
import SubnetTree
File “/usr/local/bro/lib/broctl/SubnetTree.py”, line 21, in
_SubnetTree = swig_import_helper()
File “/usr/local/bro/lib/broctl/SubnetTree.py”, line 20, in swig_import_helper
return importlib.import_module(’_SubnetTree’)
File “/usr/lib/python2.7/importlib/init.py”, line 37, in import_module
import(name)
ImportError: dynamic module does not define init function (init_SubnetTree)

2

I am getting a traceback in the connection summary emails rather than useful information. I didn't have the Python SubnetTree package installed when I built, installed, and first started Zeek but have since installed it on the management/logger and all sensors.

That usually should get built/installed as part of the default Zeek
installation and you don't have to independently install it.

I restarted Zeek but am still seeing the traceback.

Just double-checking: the message didn't change after independently
installing pysubnettree ? That would make sense since I expect
there's some explicit PYTHONPATH that's always picking up the version
installed with Bro/Zeek rather than the independently installed
version.

You could try comparing:

    python -c "import SubnetTree"

versus:

    PYTHONPATH=/usr/local/bro/lib/broctl python -c "import SubnetTree"

as a test of whether either version successfully gets imported.

Suggestions on where to look next?

Probably would help to get more details/info that could help reproduce
the error.

What Zeek/Bro version ?

What operating system ?

What Python version and what `swig -version` ?

The full `./configure` command you used when building Zeek/Bro and its
output may be most helpful.

A guess is that the configuration failed to detect a valid/consistent
Python and somehow that botched the build/install of pysubnettree.

- Jon

3

You could try comparing:

python -c “import SubnetTree”

versus:

PYTHONPATH=/usr/local/bro/lib/broctl python -c “import SubnetTree”

as a test of whether either version successfully gets imported.

This could be the difference:

python -c "import SubnetTree" PYTHONPATH=/usr/local/bro/lib/broctl python -c “import SubnetTree”
Traceback (most recent call last):
File “”, line 1, in
File “/usr/local/bro/lib/broctl/SubnetTree.py”, line 21, in
_SubnetTree = swig_import_helper()
File “/usr/local/bro/lib/broctl/SubnetTree.py”, line 20, in swig_import_helper
return importlib.import_module(‘_SubnetTree’)
File “/usr/lib/python2.7/importlib/init.py”, line 37, in import_module
import(name)
ImportError: dynamic module does not define init function (init_SubnetTree)

Suggestions on where to look next?

Probably would help to get more details/info that could help reproduce
the error.

What Zeek/Bro version ?

2.6-167 built from source

What operating system ?

Debian 9 “Stretch”

What Python version and what swig -version ?

$ python --version
Python 2.7.13

$ python3 --version
Python 3.5.3

$ swig -version

SWIG Version 3.0.10
Compiled with g++ [x86_64-pc-linux-gnu]
Configured options: +pcre

The full ./configure command you used when building Zeek/Bro and its
output may be most helpful.

$ CC=clang CXX=clang++ ./configure

The version of clang I am using:

$ clang --version

clang version 3.8.1-24 (tags/RELEASE_381/final)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

A guess is that the configuration failed to detect a valid/consistent
Python and somehow that botched the build/install of pysubnettree.

It looks like the two versions of python are installed. That could be the problem as Python 2.7 is found for the interpreter but 3.5 is found for libraries. The following lines are taken from the configuration output:

– Found PythonInterp: /usr/bin/python (found version “2.7.13”)

– Found PythonLibs: /usr/lib/x86_64-linux-gnu/libpython3.5m.so (found version “3.5.3”)
– Found PythonDev: /usr/include/python3.5m

To test the theory, I will rebuild explicitly specifying the version of python:
$ CC=clang CXX=clang++ ./configure --with-python=/usr/bin/python --with-python-lib=/usr/lib/x86_64-linux-gnu/libpython2.7.so --with-python-inc=/usr/include/python2.7

I’ll let you know how it turns out once the build finishes and I am able to test it.

Mark

4

Was it the same traceback before? The broctl bundles subnettree, so
you should have already had it in the form of these 2 files:

/usr/local/bro/lib/broctl/_SubnetTree.so
/usr/local/bro/lib/broctl/SubnetTree.py

now it looks like you have 2 incompatible versions of it installed
that are conflicting with each other.