[Zeek] "bro-cluster-in-a-box-setup" to "zeek-cluster-in-a-box-setup"?

Justin Azoff justin at corelight.com
Wed Feb 5 12:48:00 PST 2020


Hi!

It shouldn't be that hard to update to 3.x..

- bro-pkg should be swapped out with the renamed zkg
- the python2 references can likely be changed to 3
- caf no longer needs to be installed separately
- geoip and databases need to be swapped out with maxminddb versions,
might need a license
- probably worth it to switch to af_packet from pf_ring.. pf_ring was only
used initially to easily support capturing directly from both halves of a
tap, which might not be a requirement anymore.

My schedule is a bit crazy for the next week, but once I have some time to
work on it I should be able to get things updated pretty quickly.. There's
really not much to it.



On Wed, Feb 5, 2020 at 12:38 PM Paul Sibley <Paul.Sibley at canarie.ca> wrote:

> Hello Zeek Community,
>
>
>
> I am working on a project where Zeek has been deployed in two phases.
> During the first phase, some participants used
> “https://github.com/ncsa/bro-cluster-in-a-box-setup” script to assist in,
> and automate a lot of the installation process.
>
> Since then we have entered the phase in our project where more
> participants have been added, CentOS 8 is preferred, and we are using Zeek
> 3.0.1.
>
> I wonder if any consideration, or work has been done, in updating the
> bro-cluster-in-a-box script to work with the updated OS and Zeek version.
> Any information would be appreciated.
>
>
>
> Thanks in advance,
>
> Paul Sibley
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek



-- 
Justin