[Zeek] (no subject)

Michał Purzyński michalpurzynski1 at gmail.com
Mon Apr 15 02:13:31 PDT 2019


There is no need to manually compile Zeek on ClearLinux, as it is included
in the distribution.

swupd bundle-add network-security-monitoring

And Zeek is installed. You want to work around the Zeek/ClearLinux
incompatibility next.

/usr/bin/rsync -aP /usr/share/bro /tmp
rm -rf /usr/share/bro
/usr/bin/rsync -aP /tmp/bro /usr/share/
ln -s /etc/bro/config/broctl.cfg /etc/broctl.cfg
ln -s /etc/bro/config/networks.cfg /etc/networks.cfg
ln -s /etc/bro/config/node.cfg /etc/node.cfg

Create the service user

useradd bro
chown -Rv bro:bro /var/lib/bro
chown -Rv bro:bro /usr/share/broctl/scripts

su - bro

broctl deploy

On Sat, Apr 13, 2019 at 9:58 PM Daniel Herakovic <dherakovic at hotmail.com>
wrote:
>
>
> Hello,
>
> I've been trying to get Zeek installed on a Clear Linux distribution
> machine for a while. I know my way around Linux enough to get this done
> from the GitHub source, but what caused me so much trouble was a missing
> pre-requisite - the C++ Actor framework.
>
> I'm not a Linux beginner, and I installed all of the prerequisites, but
> if this was added to the part of the installation documentation under "To
> build Bro from source, the following additional dependencies are
> required:", installing from source would have been much smoother for me. If
> for some reason, this being left out is intentional, sorry to bring this up.
>
> After setting up all of the .cfg files and running install and start in
> broctl, I got the following error:
>> cl at clr-31868b162a544d5290cfe54c3dd15df1 /usr/local/bro/logs/current $ cat stderr.log
> *** failed to set config parameter work-stealing.moderate-sleep-duration-us: invalid name
> *** failed to set config parameter work-stealing.relaxed-sleep-duration-us: invalid name
> /usr/local/bro/share/broctl/scripts/run-bro: line 110: 1211 Segmentation fault      (core dumped) nohup "$mybro" "$@"
>
> The process did not start. Any suggestions how to solve this or any links
> to possible hints for a solution would be appreciated.
>
> I enjoyed the conference at CERN very much.
>
> Thanks.
>
> Dan.
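A pre-deploy check for the steps in the reply at the top of this message, as an added example that is not part of the original thread. It verifies the three config symlinks and the ownership of the two chown'ed trees; the function name, the ROOT path prefix and the --live switch are assumptions of this example, while the paths and the bro user are the ones used in the message.

```shell
#!/bin/sh
# Added example, not from the original thread. ROOT (a path prefix, empty on
# a live system), the function name and --live are assumptions of this sketch;
# the paths and the "bro" service user are the ones used in the message.

check_zeek_layout() {
    root=$1
    svc=${2:-bro}
    failures=0

    # Each config link must point into /etc/bro/config and must resolve.
    for f in broctl.cfg networks.cfg node.cfg; do
        link="$root/etc/$f"
        want="$root/etc/bro/config/$f"
        if [ ! -L "$link" ]; then
            echo "FAIL: $link is not a symlink"
            failures=$((failures + 1))
        elif [ "$(readlink "$link")" != "$want" ]; then
            echo "FAIL: $link does not point to $want"
            failures=$((failures + 1))
        elif [ ! -e "$link" ]; then
            echo "FAIL: $link is dangling, $want is missing"
            failures=$((failures + 1))
        fi
    done

    # Everything under the chown'ed trees must belong to the service user.
    for d in /var/lib/bro /usr/share/broctl/scripts; do
        dir="$root$d"
        if [ ! -d "$dir" ]; then
            echo "FAIL: $dir is missing"
            failures=$((failures + 1))
        # find exits non-zero when the user does not exist: report, do not pass.
        elif ! stray=$(find "$dir" ! -user "$svc" -print 2>&1); then
            echo "FAIL: cannot check ownership under $dir: $stray"
            failures=$((failures + 1))
        elif [ -n "$stray" ]; then
            echo "FAIL: entries under $dir not owned by $svc:"
            echo "$stray" | head -n 5
            failures=$((failures + 1))
        fi
    done

    [ "$failures" -eq 0 ] && echo "OK: links and ownership match"
    return "$failures"
}

# Run against the real filesystem only when asked to.
if [ "${1:-}" = "--live" ]; then check_zeek_layout "" bro; fi
```

The return value is the number of failed checks, so a zero exit status means the layout is ready for `broctl deploy` as the service user.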