[Zeek] zkg after CentOS zeek 3.1.1 rpm install

Johanna Amann johanna at icir.org
Fri Apr 10 16:47:17 PDT 2020


Also - make sure that you install the zeek development headers (assuming 
you use our rpms, the package is called zeek-devel).

Johanna

On 10 Apr 2020, at 16:24, Eric Ooi wrote:

> The package likely isn’t compatible with Zeek 3.1 yet, since it 
> introduced significant changes.  However, you can install pf_ring 
> without using zkg: 
> https://docs.zeek.org/en/current/configuration/#installing-pf-ring 
>
> That said, the general recommendation nowadays is to go with 
> af_packet, of which there is a Zeek 3.1 compatible package: 
> https://packages.zeek.org/packages/view/6dedb9cc-5916-11ea-9321-0a645a3f3086 
>
> If you go that route, I’ve written a guide to get you started: 
> https://www.ericooi.com/zeekurity-zen-part-ii-zeek-package-manager/ 
>
> Hope that helps!
> Eric
>
>
>> On Apr 10, 2020, at 5:57 PM, Greg Grasmehr 
>> <greg.grasmehr at caltech.edu> wrote:
>>
>> Greetings,
>>
>> I'm trying to use zkg to install pf_ring, I have zeek 3.1.1 source
>> available, and the following in the config, but it still errors with
>>
>> Cannot determine Bro source directory, use --bro-dist=DIR
>>
>> Having bro_dist defined in the config makes no difference
>>
>> cat .zkg/config
>> [sources]
>> zeek = https://github.com/zeek/packages
>>
>> [paths]
>> state_dir = /home/zeek/.zkg
>> script_dir = /opt/zeek/share/zeek/site
>> plugin_dir = /opt/zeek/lib/zeek/plugins
>> zeek_dist = /tmp/zeek-3.1.1
>> bro_dist = /tmp/zeek-3.1.1
>>
>>
>>
>>
>> zkg --verbose install zeek/ntop/bro-pf_ring
>> The following packages will be INSTALLED:
>>  zeek/ntop/bro-pf_ring (master)
>>
>> Proceed? [Y/n] Y
>> Running unit tests for "zeek/ntop/bro-pf_ring"
>> error: failed to run tests for zeek/ntop/bro-pf_ring: package 
>> build_command failed, see log in 
>> /home/zeek/.zkg/logs/bro-pf_ring-build.log
>> Proceed to install anyway? [N/y] N
>> Abort.
>>
>>
>>
>> cat /home/zeek/.zkg/logs/bro-pf_ring-build.log
>> === STDERR ===
>> === STDOUT ===
>> Cannot determine Bro source directory, use --bro-dist=DIR.
>>
>> Thanks for any pointers.
>>
>> Stay Safe,
>>
>> Greg
>> _______________________________________________
>> Zeek mailing list
>> zeek at zeek.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>

