[Zeek] How to turn verbose on (Can't load packages)?

Mauricio Tavares raubvogel at gmail.com
Wed Apr 1 11:55:17 PDT 2020


On Wed, Apr 1, 2020 at 2:26 PM Justin Azoff <justin at corelight.com> wrote:
>
> Ah, you're trying to install some packages that have been updated to
> work with zeek on an older bro installation.  Can you upgrade to zeek
> 3.0.3 ?
>
      Unfortunately not as of now. A few months later, maybe. Am I SOL,
or is there a way to get the older versions of said packages if that
is what it takes?

> On Wed, Apr 1, 2020 at 11:24 AM Mauricio Tavares <raubvogel at gmail.com> wrote:
> >
> > On Tue, Mar 31, 2020 at 2:52 PM Jon Siwek <jsiwek at corelight.com> wrote:
> > >
> > > On Tue, Mar 31, 2020 at 11:39 AM Mauricio Tavares <raubvogel at gmail.com> wrote:
> > >
> > > >       In that case, I think I am in trouble because I did use zkg
> > >
> > > What's the output of `zkg config` ?
> > >
> > > Did you previously run `zkg autoconfig` ?
> > >
> > > If you don't do any configuration, the default location for zkg to
> > > install packages is in $HOME/.zkg rather than inside your Zeek install
> > > prefix and could explain why your `@load packages` doesn't find
> > > anything.
> > >
> > > - Jon
> >
> > Thanks for everyone's replies! Yes, I was indeed missing `zkg
> > autoconfig` as you all guessed. After running I have
> >
> > [root at bro scratch]# zkg config
> > [sources]
> > zeek = https://github.com/zeek/packages
> >
> > [paths]
> > state_dir = /root/.zkg
> > script_dir = /usr/local/bro/share/bro/site
> > plugin_dir = /usr/local/bro/lib/bro/plugins
> > zeek_dist = /usr/local/bro
> >
> > [root at bro scratch]#
> >
> > I then installed the packages and then ran `broctl check` whose errors
> > now at least indicate I have progress:
> >
> > [root at bro scratch]# broctl check
> > Hint: Run the broctl "deploy" command to get started.
> > manager scripts failed.
> > error in /usr/local/bro/share/bro/site/packages/__load__.bro, line 3:
> > Failed to open package
> > '/usr/local/bro/share/bro/site/packages/./add-node-names': missing
> > '__load__.bro' file
> > fatal error in /usr/local/bro/share/bro/site/packages/__load__.bro,
> > line 3: can't open
> > /usr/local/bro/share/bro/site/packages/./add-node-names/__load__.bro
> > [...]
> > [root at bro scratch]#
> >
> > Now, if I look at __load__.bro
> >
> > [root at bro scratch]# cat /usr/local/bro/share/bro/site/packages/__load__.bro
> > # WARNING: This file is managed by zkg.
> > # Do not make direct modifications here.
> > @load ./add-node-names
> > @load ./bro-shellshock
> > @load ./credit-card-exposure
> > @load ./domain-tld
> > @load ./file-extraction
> > @load ./ssn-exposure
> > @load ./top-dns
> > @load ./venom
> > @load ./zeek-cryptomining
> > [root at bro scratch]#
> >
> > all it is doing is loading files off the
> > /usr/local/bro/share/bro/site/packages/ dir
> >
> > [root at bro scratch]# ls -l /usr/local/bro/share/bro/site/packages/
> > total 8
> > -rw-r--r-- 1 root root  98 Mar 31 19:24 README
> > lrwxrwxrwx 1 root root  13 Apr  1 11:56 __load__.bro -> packages.zeek
> > lrwxrwxrwx 1 root root  13 Apr  1 11:56 __load__.zeek -> packages.zeek
> > drwxr-xr-x 2 root root  54 Mar 31 19:28 add-node-names
> > drwxr-xr-x 2 root root  95 Mar 31 19:27 bro-shellshock
> > drwxr-xr-x 2 root root  62 Mar 31 19:28 credit-card-exposure
> > drwxr-xr-x 2 root root  62 Mar 31 19:27 domain-tld
> > drwxr-xr-x 3 root root 106 Mar 31 19:27 file-extraction
> > lrwxrwxrwx 1 root root  13 Apr  1 11:56 packages.bro -> packages.zeek
> > -rw-r--r-- 1 root root 276 Apr  1 11:56 packages.zeek
> > drwxr-xr-x 2 root root  42 Mar 31 19:28 ssn-exposure
> > drwxr-xr-x 2 root root  42 Mar 31 19:27 top-dns
> > drwxr-xr-x 2 root root  60 Mar 31 19:27 venom
> > drwxr-xr-x 3 root root 112 Mar 31 19:28 zeek-cryptomining
> > [root at bro scratch]#
> >
> > I do not know how it is going from that to trying to open
> > /usr/local/bro/share/bro/site/packages/./add-node-names/__load__.bro
>
>
>
> --
> Justin
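
An added example (not part of the original thread and not zkg's own code): a shell check for the mismatch discussed above, reporting for each package directory whether it ships `__load__.bro`, `__load__.zeek`, both or neither. It assumes that packages updated for Zeek carry only `__load__.zeek`; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which loader file each zkg-installed package ships.
# Assumption: the older Bro only opens __load__.bro (as in the error above),
# while packages updated for Zeek ship __load__.zeek.

# classify_packages DIR: print "<package> <bro|zeek|both|none>" per subdirectory.
classify_packages() {
    for pkg in "$1"/*/; do
        [ -d "$pkg" ] || continue              # glob matched nothing
        name=$(basename "$pkg")
        has_bro=no; has_zeek=no
        [ -e "$pkg/__load__.bro" ]  && has_bro=yes
        [ -e "$pkg/__load__.zeek" ] && has_zeek=yes
        case "$has_bro$has_zeek" in
            yesyes) kind=both ;;
            yesno)  kind=bro ;;
            noyes)  kind=zeek ;;
            *)      kind=none ;;
        esac
        printf '%s %s\n' "$name" "$kind"
    done
}

# unloadable_by_bro DIR: names of packages an older Bro cannot @load.
unloadable_by_bro() {
    classify_packages "$1" | awk '$2 == "zeek" || $2 == "none" { print $1 }'
}

# make_sample_tree: constructed layout, loosely modelled on the listing above.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir "$d/add-node-names" "$d/top-dns" "$d/venom"
    : > "$d/add-node-names/__load__.zeek"      # Zeek-only package
    : > "$d/top-dns/__load__.bro"              # Bro-era package
    : > "$d/venom/__load__.bro"; : > "$d/venom/__load__.zeek"
    : > "$d/packages.zeek"                     # top-level file, not a package
    echo "$d"
}

# Use the directory given on the command line, else the constructed sample.
dir=${1:-$(make_sample_tree)}
classify_packages "$dir"
```

Run it with the `script_dir` packages path from `zkg config` as the argument; any package listed by `unloadable_by_bro` is one the older installation will fail on at `@load`.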

