[Zeek] Traceback in summary email

Mark Gardner mkg at vt.edu
Tue Apr 23 13:10:57 PDT 2019 

On Mon, Apr 22, 2019 at 8:01 PM Jon Siwek <jsiwek at corelight.com> wrote:

> You could try comparing:
>
>     python -c "import SubnetTree"
>
> versus:
>
>     PYTHONPATH=/usr/local/bro/lib/broctl python -c "import SubnetTree"
>
> as a test of whether either version successfully gets imported.
>

This could be the difference:

$ python -c "import SubnetTree"
$ PYTHONPATH=/usr/local/bro/lib/broctl python -c "import SubnetTree"
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/local/bro/lib/broctl/SubnetTree.py", line 21, in <module>
    _SubnetTree = swig_import_helper()
  File "/usr/local/bro/lib/broctl/SubnetTree.py", line 20, in
swig_import_helper
    return importlib.import_module('_SubnetTree')
  File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
ImportError: dynamic module does not define init function (init_SubnetTree)


> > Suggestions on where to look next?
>
> Probably would help to get more details/info that could help reproduce
> the error.
>
> What Zeek/Bro version ?
>

2.6-167 built from source


> What operating system ?
>

Debian 9 "Stretch"

> What Python version and what `swig -version` ?
>

$ python --version
Python 2.7.13
$ python3 --version
Python 3.5.3
$ swig -version
SWIG Version 3.0.10
Compiled with g++ [x86_64-pc-linux-gnu]
Configured options: +pcre

The full `./configure` command you used when building Zeek/Bro and its
> output may be most helpful.
>

$ CC=clang CXX=clang++ ./configure

The version of clang I am using:

$ clang --version
clang version 3.8.1-24 (tags/RELEASE_381/final)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

A guess is that the configuration failed to detect a valid/consistent
> Python and somehow that botched the build/install of pysubnettree.
>

It looks like the two versions of python are installed. That could be the
problem as Python 2.7 is found for the interpreter but 3.5 is found for
libraries. The following lines are taken from the configuration output:

...
-- Found PythonInterp: /usr/bin/python (found version "2.7.13")
...
-- Found PythonLibs: /usr/lib/x86_64-linux-gnu/libpython3.5m.so (found
version "3.5.3")
-- Found PythonDev: /usr/include/python3.5m

To test the theory, I will rebuild explicitly specifying the version of
python:
$ CC=clang CXX=clang++ ./configure --with-python=/usr/bin/python
--with-python-lib=/usr/lib/x86_64-linux-gnu/libpython2.7.so
--with-python-inc=/usr/include/python2.7

I'll let you know how it turns out once the build finishes and I am able to
test it.

Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190423/4986660c/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6312 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190423/4986660c/attachment.bin

More information about the Zeek mailing list