[Zeek] capstats

Justin Azoff justin at corelight.com
Wed Dec 4 17:25:49 PST 2019


If you're using that setcap plugin you also need to run setcap on ..../
bin/capstats

On Wed, Dec 4, 2019 at 5:34 PM Scot Harris <SHARRIS at hollywoodfl.org> wrote:

> Noticed this while running zeekctl
>
>
>
> Ran the capstats command with this result:
>
>
>
> [ZeekControl] > capstats
>
> Interface             kpps       mbps       (10s average)
>
> ----------------------------------------
>
> worker-1-1: capstats failed (error: eno1: You don't have permission to
> capture on that device (socket: Operation not permitted))
>
> worker-3-1: capstats failed (error: eno1: You don't have permission to
> capture on that device (socket: Operation not permitted))
>
>
>
>
>
>
>
> Run status:
>
>
>
>
>
> [ZeekControl] > status
>
> Name         Type    Host             Status    Pid    Started
>
> logger       logger  10.1.1.15        running   5656   03 Dec 11:24:51
>
> manager      manager 10.1.1.15        running   5783   03 Dec 11:24:53
>
> proxy-1      proxy   10.1.1.15        running   5834   03 Dec 11:24:54
>
> worker-1-1   worker  10.1.1.15        running   6026   03 Dec 11:24:55
>
> worker-1-2   worker  10.1.1.15        running   6027   03 Dec 11:24:55
>
> worker-2-1   worker  10.1.1.15        running   6031   03 Dec 11:24:55
>
> worker-2-2   worker  10.1.1.15        running   6030   03 Dec 11:24:55
>
> worker-3-1   worker  10.1.7.186       running   9937   04 Dec 17:16:56
>
> worker-3-2   worker  10.1.7.186       running   9995   04 Dec 17:17:23
>
> worker-4-1   worker  10.1.7.186       running   10040  04 Dec 17:17:29
>
> worker-4-2   worker  10.1.7.186       running   10085  04 Dec 17:17:32
>
>
>
>
>
> Seems like the capstats command is incorrect.
>
>
>
> They system is collecting data.
>
>
>
> The workers that are listed are the first ones on each device.
>
>
>
> This is zeek 3.0.
>
>
>
>
> __________________________________________
> *Scot Harris*
> Network Engineer
> City of Hollywood
> Information Technology
>
> P.O. Box 229045
> Hollywood, FL 33022-9045
> Office: 954-921-3304
> E-mail: SHARRIS at hollywoodfl.org
> [image: www.hollywoodfl.org]
> Notice: Florida has a broad public records law. All correspondence sent to
> the City of Hollywood via e-mail may be subject to disclosure as a matter
> of public record.
> __________________________________________
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek



-- 
Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20191204/5c3ec3ac/attachment.html 


More information about the Zeek mailing list