[Zeek] Error on startup
Patrick Kelley
patrick.kelley at criticalpathsecurity.com
Mon Jan 6 12:49:42 PST 2020
This was resolved sidebar.
Listener was holding the process and port.
####
Did you reboot in between the changes? I would do that are perform a...
netstat -tanp | grep 47761 and kill any open associated processes.
INADDR_ANY:47761 tells me something might be open.
On Mon, Jan 6, 2020 at 3:29 PM Scot Harris <SHARRIS at hollywoodfl.org> wrote:
> I think I caused this problem by trying to change the directory where the
> spool data is processed.
>
>
>
> Changing that back did not correct the problem.
>
>
>
> Unable to startup zeek at this time.
>
>
>
>
>
>
>
> [zeek at heimdallr logger]$ zeekctl start
>
>
>
> Warning: ZeekControl plugin uses legacy BroControl API. Use
>
> 'import ZeekControl.plugin' instead of 'import BroControl.plugin'
>
>
>
> starting logger ...
>
> Error: logger terminated immediately after starting; check output with
> "diag"
>
>
>
>
>
>
>
>
>
> error in
> /opt/zeek/share/zeek/base/frameworks/cluster/./setup-connections.zeek,
> lines 93-95: Failed to listen on INADDR_ANY:47761
> (Broker::listen(Broker::default_listen_address, Cluster::self$p,
> Broker::default_listen_retry))
>
> warning: WriterFrontend cluster/Log::WRITER_ASCII expected 3 fields in
> write, got 4. Skipping line.
>
> fatal error: errors occurred while initializing
>
>
>
>
>
>
>
>
>
> Any ideas appreciated.
>
>
>
> Thank you.
>
>
>
>
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
--
*Patrick Kelley, CISSP, C|EH, ITIL*
*CTO*
patrick.kelley at criticalpathsecurity.com
(o) 770-224-6482
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20200106/1f66011d/attachment-0001.html
More information about the Zeek
mailing list