uninstalling zeek

OK, maybe it’s cause it’s the end of the week and my brain is fried, but I can’t find the documentation to uninstall zeek.

Basically, I need to remove an old version from one server so I can install a new version somewhere else…

a link to the documentation would be great…

thanks

zeek version 4.0.1

Hey Craig,

> OK, maybe it's cause it's the end of the week and my brain is fried, but I
> can't find the documentation to uninstall zeek.

That's because you can't -- you must now run it for all eternity.

(kidding!)

> Basically, I need to remove an old version from one server so I can install
> a new version somewhere else...
>
> a link to the documentation would be great....

There's no uninstall target in our distribution, but uninstalling should be pretty straightforward. Assuming you installed from source:

- Simply rm -rf the zeek directory you installed into

If you used zkg:

- If you installed it from pip, "pip uninstall zkg"
- If you have a ~/.zkg folder, rm -rf that as well.

You may want to check out our binary packages:

They'll simplify installing when you return, and uninstalling further down the road as well.

Best,
Christian

I overlooked two things:

> There's no uninstall target in our distribution

You can use cmake's generated manifest (see build/install_manifest.txt) for a list of files to remove, which is much more surgical than ...

> - Simply rm -rf the zeek directory you installed into

... this, which only works when you configured with a --prefix that installs Zeek into a unique destination.

Hope this helps,
Christian
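
One way to act on the manifest suggestion above, as an added example that is not from the thread or the Zeek project; the function name `manifest_uninstall` and its `--apply` switch are assumptions. It deletes only manifest entries under the given prefix, leaves `logs/` and `spool/` alone, and prints what it would remove unless `--apply` is given.

```shell
#!/bin/sh
# Added example: remove files listed in a CMake install manifest
# (build/install_manifest.txt), restricted to one install prefix.
# Usage: manifest_uninstall MANIFEST PREFIX [--apply]
# Without --apply nothing is deleted; planned removals go to stdout.
manifest_uninstall() {
    manifest=${1:-}; prefix=${2:-}; prefix=${prefix%/}; mode=${3:-}
    [ -r "$manifest" ] || { echo "cannot read manifest" >&2; return 2; }
    [ -n "$prefix" ] || { echo "refusing empty or / prefix" >&2; return 2; }
    removed=0; skipped=0
    # The '|| [ -n "$path" ]' also handles a last line without a newline.
    while IFS= read -r path || [ -n "$path" ]; do
        [ -n "$path" ] || continue
        case $path in
            */../*|*/..) reason="contains .." ;;
            "$prefix"/logs/*|"$prefix"/spool/*) reason="logs/spool kept" ;;
            "$prefix"/*) reason= ;;
            *) reason="outside $prefix" ;;
        esac
        if [ -n "$reason" ]; then
            echo "skip   $path ($reason)" >&2
            skipped=$((skipped + 1))
            continue
        fi
        # Only regular files and symlinks are touched, never directories.
        if [ -f "$path" ] || [ -L "$path" ]; then
            if [ "$mode" = "--apply" ]; then
                rm -f -- "$path"
            fi
            echo "remove $path"
            removed=$((removed + 1))
        fi
    done < "$manifest"
    echo "removed=$removed skipped=$skipped apply=${mode:-no}" >&2
}

# Run directly: sh script.sh build/install_manifest.txt /usr/local/zeek
if [ $# -ge 2 ]; then
    manifest_uninstall "$@"
fi
```

Review the dry-run output first, then repeat the call with `--apply`; empty directories left behind can be removed afterwards with `rmdir`.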

> - Simply rm -rf the zeek directory you installed into

Make sure your logs are copied over - since `zeek/logs` by default stores the logs.

> ... this, which only works when you configured with a --prefix that installs
> Zeek into a unique destination.

I generally go/install with the model of prefixes and symlinks

build zeek with --prefix=/usr/local/zeek-<version> and then have a symlink
pointing to zeek:

  /usr/local/zeek-4.2.0 -> zeek
  /usr/local/zeek->4.5.1

symlinks depend on what version is in play!

Also, I try to symlink zeek/logs and spool to a more permanent place outside of zeek
install

  eg: zeek/logs -> /data/zeek/logs
      zeek/spool -> /data/zeek/spool

That way irrespective of versions logs and spool are pointed outside zeek
install.

I am sure there are other better ways, this symlink model has historically
worked/scaled here for us.

Aashish

Yeah, I'm so used to it as well that it slipped my mind that people might not specify a dedicated --prefix. The docs mention it, but they don't highlight its benefits.

Best,
Christian

Thanks everyone!

Well… somewhere along this seemingly simple journey, I’ve gone and botched things up.

Error below:

```
root@ip-x.x.x.x:/opt# apt-get purge zeek
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package ‘zeek’ is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up zeek-core (4.2.0-0) ...
chgrp: cannot access ‘/opt/zeek/share/zeek/site’: No such file or directory
chgrp: cannot access ‘/opt/zeek/share/zeek/site/local*.zeek’: No such file or directory
chmod: cannot access ‘/opt/zeek/share/zeek/site’: No such file or directory
chmod: cannot access ‘/opt/zeek/share/zeek/site/local*.zeek’: No such file or directory
dpkg: error processing package zeek-core (--configure):
installed zeek-core package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of zeekctl:
zeekctl depends on zeek-core (= 4.2.0-0); however:
Package zeek-core is not configured yet.

dpkg: error processing package zeekctl (--configure):
dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
Errors were encountered while processing:
zeek-core
zeekctl
E: Sub-process /usr/bin/dpkg returned an error code (1)
```

And that’s it.

The /opt/zeek directory had already been removed.

Do I have to reinstall with apt-get install zeek to then be able to do a clean purge?