[Zeek] Traceback in summary email
Jon Siwek
jsiwek at corelight.com
Mon Apr 22 17:01:00 PDT 2019
On Mon, Apr 22, 2019 at 1:24 PM Mark Gardner <mkg at vt.edu> wrote:
>
> I am getting a traceback in the connection summary emails rather than useful information. I didn't have the Python SubnetTree package installed when I built, installed, and first started Zeek but have since installed it on the management/logger and all sensors.
That usually should get built/installed as part of the default Zeek
installation and you don't have to independently install it.
> I restarted Zeek but am still seeing the traceback.
Just double-checking: the message didn't change after independently
installing pysubnettree ? That would make sense since I expect
there's some explicit PYTHONPATH that's always picking up the version
installed with Bro/Zeek rather than the independently installed
version.
You could try comparing:
python -c "import SubnetTree"
versus:
PYTHONPATH=/usr/local/bro/lib/broctl python -c "import SubnetTree"
as a test of whether either version successfully gets imported.
> Suggestions on where to look next?
Probably would help to get more details/info that could help reproduce
the error.
What Zeek/Bro version ?
What operating system ?
What Python version and what `swig -version` ?
The full `./configure` command you used when building Zeek/Bro and its
output may be most helpful.
A guess is that the configuration failed to detect a valid/consistent
Python and somehow that botched the build/install of pysubnettree.
- Jon
More information about the Zeek
mailing list