[Zeek] No packets captured by Zeek under OpenBSD

[Carlos Lopez]

Hi all,

I just installed Zeek 3.0.3-dev.3 under two OpenBSD 6.6 amd64 vms (one as worker and another as a manager). All seems to work ok but no packet is captured by Zeek worker. In logs directory, there are only the following files:

total 100
drwxr-xr-x  2 root  wheel    512 Mar  7 21:50 ./
drwxr-xr-x  7 root  wheel    512 Mar  7 21:50 ../
-rw-r--r--  1 root  wheel    137 Mar  7 21:42 .cmdline
-rw-r--r--  1 root  wheel    350 Mar  7 21:42 .env_vars
-rw-r--r--  1 root  wheel      6 Mar  7 21:42 .pid
-rw-r--r--  1 root  wheel     58 Mar  7 21:42 .startup
-rwx------  1 root  wheel     18 Mar  7 21:42 .status*
-rw-r--r--  1 root  wheel    401 Mar  7 21:43 cluster.log
-rw-r--r--  1 root  wheel  30276 Mar  7 21:43 loaded_scripts.log
-rw-r--r--  1 root  wheel    856 Mar  7 21:53 stats.log
-rw-r--r--  1 root  wheel      0 Mar  7 21:42 stderr.log
-rw-r--r--  1 root  wheel    140 Mar  7 21:43 stdout.log

No one shows any error. Same for the spool directory … Running tcpdump in worker node works without problem and I can see all the traffic …

Any idea?

--
Regards,
C. L. Martinez
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20200307/8f781c8c/attachment.html