Hi
I am deploying after bro / 2.6.6.1 / configure && make && sudo make install.
I am trying to change from Bro (version 2.6.1) to Zeek (version 3.0.0) in an Ubuntu environment.
To do that I want to uninstall Bro 2.6.1. Can you please tell me the procedure?
For example, is the procedure to stop with broctl and then delete the /usr/local/bro folder?
Best Regards,
Satoshi Ito
Yeah, that's basically the uninstall process:
* broctl stop
* if you made any customizations to /usr/local/bro/etc/* or /usr/local/bro/share/bro/site/local.bro, you may want to save those to port to Zeek 3.0.x installation
* by default, all files live under /usr/local/bro/ prefix so deleting that should be everything
- Jon
Hi,
May I suggest a tip I use?
I always install "Zeek" into a specific directory then use a logical link.
Please note that you should use the logical link in your config files.
Example:
(Today).
# ./configure --prefix=/opt/zeek-3.0.1; make; make install
# cd /opt/
# ln -s zeek-3.0.1 zeek
(Tomorrow).
# ./configure --prefix=/opt/zeek-3.0.2; make; make install
# cd /opt/
# rm zeek
# ln -s zeek-3.0.2 zeek
With such a setup, you just have to copy *.cfg and the local policies you use into the new directory.
If your setup refers to /opt/zeek, it's easy to switch back to the old version if you need it.
Cheers.
Jean-Philippe.
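
Added example, not part of the original thread: a shell helper for the versioned-prefix layout described above that swaps the zeek link with a rename instead of rm followed by ln, so the path never disappears while a sensor or cron job is using it, and records the previous version for rollback. The function names, the .zeek-previous state file, and the bin/zeek sanity check are assumptions of this example; it relies on GNU coreutils (mv -T), as found on Ubuntu.

```shell
#!/bin/sh
# Added example: switch the "zeek" symlink between versioned install
# directories without a window in which the link is missing.
# Assumes GNU coreutils (mv -T, ln -n), as on Ubuntu.

# switch_zeek BASE VERSION_DIR
#   BASE         directory holding the versioned installs (e.g. /opt)
#   VERSION_DIR  name of the install to activate (e.g. zeek-3.0.2)
switch_zeek() {
    base=$1
    target=$2
    link="$base/zeek"

    # Refuse to point the link at an incomplete install.
    if [ ! -f "$base/$target/bin/zeek" ]; then
        echo "switch_zeek: $base/$target/bin/zeek not found" >&2
        return 1
    fi

    # Refuse to clobber a real directory that happens to be named "zeek".
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "switch_zeek: $link exists and is not a symlink" >&2
        return 1
    fi

    # Remember the current target so the change can be rolled back.
    if [ -L "$link" ]; then
        basename "$(readlink "$link")" > "$base/.zeek-previous"
    fi

    # Build the new link under a temporary name, then rename it over the
    # old one. rename(2) is atomic, so "$link" always resolves.
    tmp="$base/.zeek-link.$$"
    ln -sn "$target" "$tmp" || return 1
    mv -T "$tmp" "$link" || { rm -f "$tmp"; return 1; }
}

# rollback_zeek BASE: re-activate the install recorded by switch_zeek.
rollback_zeek() {
    base=$1
    [ -s "$base/.zeek-previous" ] || {
        echo "rollback_zeek: no previous version recorded" >&2
        return 1
    }
    switch_zeek "$base" "$(cat "$base/.zeek-previous")"
}
```

Source the file and run, for example, `switch_zeek /opt zeek-3.0.2` after `make install`; `rollback_zeek /opt` returns to the version that was active before the last switch.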
That’s a great tip!
Jean-Philippe, I forgot that I used to build that into my scripts. Appreciate the reminder.
Patrick Kelley, CISSP, C|EH, ITIL
CTO
patrick.kelley@criticalpathsecurity.com
May I suggest building packages with Zeek? Just a good sysadmin’s practice
Or using Johanna’s excellent packages
https://www.zeek.org/download/packages.html
Awesome, thanks for the information!