[Zeek] Running Script in a Cluster

Joseph Kvedaras jokvedaras at gmail.com
Fri Aug 9 07:32:33 PDT 2019


Figured it out... Permissions issue on the file.  The combined stderr.log
was not populated but I now see the error when running 'zeekctl diag' and
looking under the stderr.log for the sensor.

-- 



On Fri, Aug 9, 2019 at 9:38 AM Joseph Kvedaras <jokvedaras at gmail.com> wrote:

> Hey,
>
> I'm working with Zeek scripts and I am running in an issue getting my
> script to execute when zeek is running as a cluster.  The script executes
> when I start zeek w/ a pcap file.  The script executes when I start zeek on
> the command line, bind to the interface, and playback that pcap.  The
> script does not execute when I start zeek as cluster and playback the pcap
> file.  Other scripts, like 'extract-all-files.bro'  run all 3 ways but in
> the cluster, will not write my added print outs to the stdout file in
> cluster mode.  I have also confirmed that my scripts are being loaded by
> the logging module when I run "zeekctl diag".  I feel like I'm missing
> something.  Does anyone know what it is?
>
> Thanks
> --
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190809/fe9bf302/attachment-0001.html 


More information about the Zeek mailing list