I keep getting crashes every time I try to start Zeek. I suspect my config files are up to no good b/c I blew away my previous instance for the latest version:
ZeekLogs]# zeekctl diag
[zeek]
No core file found.
Zeek 5.0.2
Linux 5.19.12-100.fc35.aarch64
Zeek plugins: (none found)
==== reporter.log
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path reporter
#open 2022-10-16-21-40-43
#fields ts level message location
==== stderr.log
listening on eth0
error in /usr/local/zeek/spool/installed-scripts-do-not-touch/auto/standalone-layout.zeek, line 6: Failed to listen on INADDR_ANY:47760 (Broker::listen(Broker::default_listen_address, Broker::default_port, Broker::default_listen_retry))
fatal error: errors occurred while initializing
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i eth0 -U .status -p zeekctl -p zeekctl-live -p standalone -p local -p zeek local.zeek zeekctl zeekctl/standalone zeekctl/auto
==== .env_vars
PATH=/usr/local/zeek/bin:/usr/local/zeek/share/zeekctl/scripts:/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/usr/local/zeek/bin/
ZEEKPATH=/usr/local/zeek/spool/installed-scripts-do-not-touch/site::/usr/local/zeek/spool/installed-scripts-do-not-touch/auto:/usr/local/zeek/share/zeek:/usr/local/zeek/share/zeek/policy:/usr/local/zeek/share/zeek/site:/usr/local/zeek/share/zeek/builtin-plugins
CLUSTER_NODE=
==== .status
TERMINATED [fatal_error]
==== No prof.log
==== packet_filter.log
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path packet_filter
#open 2022-10-16-21-40-43
#fields ts node filter init success
#types time string string bool bool
==== loaded_scripts.log
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path loaded_scripts
#open 2022-10-16-21-40-43
#fields name
#types string

Config files:

networks.cfg:
# List of local networks in CIDR notation, optionally followed by a
# descriptive tag.
# For example, "10.0.0.0/8" or "fe80::/64" are valid prefixes.
192.168.1.1/24 Internal_IP_space
xxx.xxx.xxx.xxx/32 External_IP_address

node.cfg:
# Example ZeekControl node configuration.
#
# This example has a standalone node ready to go except for possibly changing
# the sniffing interface.
# This is a complete standalone configuration. Most likely you will
# only need to change the interface.
[zeek]
type=standalone
host=localhost
interface=eth0

zeekctl.cfg:
## Global ZeekControl configuration file.
###############################################
# Mail Options
# Recipient address for all emails sent out by Zeek and ZeekControl.
MailTo = root@localhost
# Mail connection summary reports each log rotation interval. A value of 1
# means mail connection summaries, and a value of 0 means do not mail
# connection summaries. This option has no effect if the trace-summary
# script is not available.
MailConnectionSummary = 1
# Lower threshold (in percentage of disk space) for space available on the
# disk that holds SpoolDir. If less space is available, "zeekctl cron" starts
# sending out warning emails. A value of 0 disables this feature.
MinDiskSpace = 5
# Send mail when "zeekctl cron" notices the availability of a host in the
# cluster to have changed. A value of 1 means send mail when a host status
# changes, and a value of 0 means do not send mail.
MailHostUpDown = 1
###############################################
# Logging Options
# Rotation interval in seconds for log files on manager (or standalone) node.
# A value of 0 disables log rotation.
LogRotationInterval = 3600
# Expiration interval for archived log files in LogDir. Files older than this
# will be deleted by "zeekctl cron". The interval is an integer followed by
# one of these time units: day, hr, min. A value of 0 means that logs
# never expire.
LogExpireInterval = 0
# Enable ZeekControl to write statistics to the stats.log file. A value of 1
# means write to stats.log, and a value of 0 means do not write to stats.log.
StatsLogEnable = 1
# Number of days that entries in the stats.log file are kept. Entries older
# than this many days will be removed by "zeekctl cron". A value of 0 means
# that entries never expire.
StatsLogExpireInterval = 0
###############################################
# Other Options
# Show all output of the zeekctl status command. If set to 1, then all output
# is shown. If set to 0, then zeekctl status will not collect or show the peer
# information (and the command will run faster).
StatusCmdShowAll = 0
# Number of days that crash directories are kept. Crash directories older
# than this many days will be removed by "zeekctl cron". A value of 0 means
# that crash directories never expire.
CrashExpireInterval = 0
# Site-specific policy script to load. Zeek will look for this in
# $PREFIX/share/zeek/site. A default local.zeek comes preinstalled
# and can be customized as desired.
SitePolicyScripts = local.zeek
# Location of the log directory where log files will be archived each rotation
# interval.
LogDir = /ZeekLogs
# Location of the spool directory where files and data that are currently being
# written are stored.
SpoolDir = /usr/local/zeek/spool
# Location of the directory in which the databases for Broker datastore backed
# Zeek tables are stored.
BrokerDBDir = /usr/local/zeek/spool/brokerstore
# Location of other configuration files that can be used to customize
# ZeekControl operation (e.g. local networks, nodes).
CfgDir = /usr/local/zeek/etc

OS: Fedora Linux 35 (5.19.12-100.fc35.aarch64)
RPi 4B
No disk space issues