[Zeek] Running Script in a Cluster
Joseph Kvedaras
jokvedaras at gmail.com
Fri Aug 9 07:32:33 PDT 2019
Figured it out... Permissions issue on the file. The combined stderr.log
was not populated but I now see the error when running 'zeekctl diag' and
looking under the stderr.log for the sensor.
--
On Fri, Aug 9, 2019 at 9:38 AM Joseph Kvedaras <jokvedaras at gmail.com> wrote:
> Hey,
>
> I'm working with Zeek scripts and I am running in an issue getting my
> script to execute when zeek is running as a cluster. The script executes
> when I start zeek w/ a pcap file. The script executes when I start zeek on
> the command line, bind to the interface, and playback that pcap. The
> script does not execute when I start zeek as cluster and playback the pcap
> file. Other scripts, like 'extract-all-files.bro' run all 3 ways but in
> the cluster, will not write my added print outs to the stdout file in
> cluster mode. I have also confirmed that my scripts are being loaded by
> the logging module when I run "zeekctl diag". I feel like I'm missing
> something. Does anyone know what it is?
>
> Thanks
> --
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190809/fe9bf302/attachment-0001.html
More information about the Zeek
mailing list