[Zeek] Bro upgrades, and plugins vs. packages, and bro-pkg

Eric Ooi ericooi at gmail.com
Fri Dec 21 10:04:24 PST 2018 

Thanks James.  The is helpful.

On Fri, Dec 21, 2018 at 1:08 AM James Lay <jlay at slave-tothe-box.net> wrote:

> So here we go.  I've attacked this with my lab and here are some
> thoughts/results.  Current state:
>
> bro-2.6 installed from source (config option --prefix=/opt/bro)
> bro-af_packet-plugin ja3 intel-seen-more domain-tld installed via
> bro-pkg
>
> after upgrading to bro-2.6.1 errors like the below:
>
> fatal error in /opt/bro/share/bro/base/init-bare.bro, line 1: cannot
> load plugin library
> /opt/bro/lib/bro/plugins/packages/bro-af_packet-plugin//lib/
> Bro-AF_Packet.linux-x86_64.so:
> /opt/bro/lib/bro/plugins/packages/bro-af_packet-plugin//lib/
> Bro-AF_Packet.linux-x86_64.so:
> undefined symbol: bro_version_2_6_plugin_6
>
> next up, remove and reinstall bro-af_backup-plugin:
>
> root@# bro-pkg remove bro-af_packet-plugin
> The following packages will be REMOVED:
>    bro/j-gras/bro-af_packet-plugin
>
> Proceed? [Y/n] y
> Removed "bro/j-gras/bro-af_packet-plugin"
> root@# bro-pkg install bro-af_packet-plugin
> The following packages will be INSTALLED:
>    bro/j-gras/bro-af_packet-plugin (1.3.0)
>
> Proceed? [Y/n] y
> Running unit tests for "bro/j-gras/bro-af_packet-plugin"
> [  0%] scripts.show-plugin ... failed
>    % 'bro -NN Bro::AF_Packet > output' failed unexpectedly (exit code 1)
>    % cat .stderr
>    fatal error in /opt/bro/share/bro/base/init-bare.bro, line 1: cannot
> load plugin library
>
> /root/.bro-pkg/testing/bro-af_packet-plugin/plugins/packages/bro-af_packet-plugin//lib/
> Bro-AF_Packet.linux-x86_64.so:
>
> /root/.bro-pkg/testing/bro-af_packet-plugin/plugins/packages/bro-af_packet-plugin//lib/
> Bro-AF_Packet.linux-x86_64.so:
> undefined symbol: bro_version_2_6_plugin_6
>
> 1 of 1 test failed
> error: bro/j-gras/bro-af_packet-plugin tests failed, inspect contents of
> /root/.bro-pkg/testing/bro-af_packet-plugin for details
> Proceed to install anyway? [N/y] n
> Abort.
>
> a thought occurs....modify /root/.bro-pkg/config -> bro_dist =
> /build/bro-2.6.1
>
> all works.  So long story short, the upgrade process going forward
> should be:
>
> ./configure, make, make install
> bro-pkg autoconfig
> bro-pkg refresh
>
> on from there.  It might be worthwhile to annotate somewhere in the
> README or create an UPGRADE in the tarball to reflect that bro-pkg will
> need some attention as well during the upgrade process.  Thank you!
>
> James
> _______________________________________________
> Zeek mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20181221/ed2ede69/attachment.html

More information about the Zeek mailing list