[Zeek] Zeek and Broker versions.
Jon Siwek
jsiwek at corelight.com
Thu Feb 6 18:43:35 PST 2020
On Thu, Feb 6, 2020 at 2:16 PM James Hughes <japhughe at ucsc.edu> wrote:
> I am new to this list and would like help debugging a connection from Zeek 3.0.1 to a machine running a broker python application. Broker is locally compiled version 1.2.4. This setup used to work, but now we have upgraded to 3.0.1 and it is no longer working.
>From what version are you upgrading and are both hosts being upgraded
to matching versions? Zeek 3.0.1 does use Broker 1.2.4 and if the
Python application is also on Broker 1.2.4, that should work. There
is indeed potential for version mismatches and only recent development
versions help report debug logs and that situation better, so you
might need to do some more crude troubleshooting steps, like starting
from scratch with some smaller toy scripts like this one:
https://docs.zeek.org/projects/broker/en/stable/python.html#exchanging-zeek-events
See if you get it working within a single host, then both hosts, then
add more complexity to make it more similar to the actual scripts that
you found are broken. If it breaks along the way, you've at least
narrowed it down to something we can try to reproduce and troubleshoot
with you.
Also was thinking if you suspect a version mismatch, it could matter
how you are building Zeek/Broker. If you use the git repository, and
forget to update git submodules you could accidentally end up with
mismatched Zeek, Broker, or CAF (internal Broker dependency) versions.
- Jon
More information about the Zeek
mailing list