[Zeek] Anyone using DoveHawk under Zeek 3.0.6

Justin Azoff justin at corelight.com
Thu May 7 06:08:44 PDT 2020


> Child process exited with non-zero return code 60

CURLE_PEER_FAILED_VERIFICATION (60)

The remote server's SSL certificate or SSH md5 fingerprint was deemed
not OK. This error code has been unified with CURLE_SSL_CACERT since
7.62.0. Its previous value was 51.

The site's SSL certificate isn't trusted by your client.

If you run a

curl -v https://stonehaven.lab.uxdom.org/

you should see the same problem.

On Thu, May 7, 2020 at 4:47 AM Carlos Lopez <clopmz at outlook.com> wrote:
>
> Hi all,
>
>
>
> Today I have updated my Zeek cluster to release 3.0.6. I have installed dovehawk package also, but it is not downloading IOC from my MISP instance. Errors are:
>
>
>
> {"ts":"2020-05-07T08:40:39.980846Z","level":"Reporter::ERROR","message":"curl --header \"Authorization: \"AFz6lL1d2PMLPQ9O1V7OVoCOhawbXEZ9S01wu5GS\"\" -s -g -o \"\"/tmp/zeek-activehttp-E4Z8Vauqaq3_body\"\
>
> " -D \"\"/tmp/zeek-activehttp-E4Z8Vauqaq3_headers\"\" -X \"\"GET\"\" -m 60 \"\"https://stonehaven.lab.uxdom.org/attributes/bro/download/all\"\" && touch \"/tmp/zeek-activehttp-E4Z8Vauqaq3_body\" |/Input::
>
> READER_RAW: Child process exited with non-zero return code 60","location":""}
>
> {"ts":"2020-05-07T08:40:39.980846Z","level":"Reporter::ERROR","message":"curl --header \"Authorization: \"AFz6lL1d2PMLPQ9O1V7OVoCOhawbXEZ9S01wu5GS\"\" -s -g -o \"\"/tmp/zeek-activehttp-FRYEeOTxgol_body\"\
>
> " -D \"\"/tmp/zeek-activehttp-FRYEeOTxgol_headers\"\" -X \"\"GET\"\" -m 60 \"\"https://stonehaven.lab.uxdom.org/attributes/text/download/zeek\"\" && touch \"/tmp/zeek-activehttp-FRYEeOTxgol_body\" |/Input
>
> ::READER_RAW: Child process exited with non-zero return code 60","location":""}
>
> {"ts":"2020-05-07T08:40:39.982698Z","level":"Reporter::ERROR","message":"/tmp/zeek-activehttp-E4Z8Vauqaq3_body/Input::READER_RAW: Init: cannot open /tmp/zeek-activehttp-E4Z8Vauqaq3_body","location":""}
>
> {"ts":"2020-05-07T08:40:39.982698Z","level":"Reporter::ERROR","message":"/tmp/zeek-activehttp-E4Z8Vauqaq3_body/Input::READER_RAW: Init failed","location":""}
>
> {"ts":"2020-05-07T08:40:39.982698Z","level":"Reporter::ERROR","message":"/tmp/zeek-activehttp-E4Z8Vauqaq3_body/Input::READER_RAW: terminating thread","location":""}
>
> {"ts":"2020-05-07T08:40:39.982698Z","level":"Reporter::ERROR","message":"/tmp/zeek-activehttp-FRYEeOTxgol_body/Input::READER_RAW: Init: cannot open /tmp/zeek-activehttp-FRYEeOTxgol_body","location":""}
>
> {"ts":"2020-05-07T08:40:39.982698Z","level":"Reporter::ERROR","message":"/tmp/zeek-activehttp-FRYEeOTxgol_body/Input::READER_RAW: Init failed","location":""}
>
> {"ts":"2020-05-07T08:40:39.982698Z","level":"Reporter::ERROR","message":"/tmp/zeek-activehttp-FRYEeOTxgol_body/Input::READER_RAW: terminating thread","location":""}
>
>
>
> Any light on this?
>
>
>
> Regards,
>
> C. L. Martinez
>



-- 
Justin
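
An added example, not part of the original message or of DoveHawk: it reads Zeek reporter.log JSON lines of the kind quoted above, pulls the URL and curl exit code from each failed ActiveHTTP fetch, and names the code, so an exit 60 is read as a certificate trust failure. The host misp.example.org, the sample lines and the function names are constructed for illustration.

```python
import json
import re
from collections import Counter

# curl exit codes from libcurl's documented error list that matter for a feed download.
CURL_EXIT = {6: "CURLE_COULDNT_RESOLVE_HOST", 7: "CURLE_COULDNT_CONNECT",
             22: "CURLE_HTTP_RETURNED_ERROR", 28: "CURLE_OPERATION_TIMEDOUT",
             35: "CURLE_SSL_CONNECT_ERROR", 60: "CURLE_PEER_FAILED_VERIFICATION"}
EXIT_RE = re.compile(r"Child process exited with non-zero return code (\d+)")
URL_RE = re.compile(r"https?://[^\s\"\\]+")

def triage(lines):
    """Count failed ActiveHTTP curl fetches per (url, exit code)."""
    failures = Counter()
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        msg = rec.get("message", "")
        code = EXIT_RE.search(msg)
        url = URL_RE.search(msg)
        if rec.get("level") == "Reporter::ERROR" and code and url:
            failures[(url.group(0), int(code.group(1)))] += 1
    return failures

def describe(failures):
    """One summary string per (url, exit code), sorted for stable output."""
    return [f"{url}: exit {code} ({CURL_EXIT.get(code, 'see curl error list')}) x{n}"
            for (url, code), n in sorted(failures.items())]

# Constructed sample lines in the shape of the reporter.log entries quoted above;
# host, token, timestamp and temp-file names are placeholders.
def _line(path, code):
    cmd = (f'curl --header "Authorization: "REDACTED"" -s -g -o ""/tmp/zeek-activehttp-X_body"" '
           f'-X ""GET"" -m 60 ""https://misp.example.org{path}"" && touch "/tmp/zeek-activehttp-X_body" '
           f'|/Input::READER_RAW: Child process exited with non-zero return code {code}')
    return json.dumps({"ts": "2020-01-01T00:00:00.000000Z", "level": "Reporter::ERROR",
                       "message": cmd, "location": ""})

SAMPLE = [_line("/attributes/bro/download/all", 60),
          _line("/attributes/text/download/zeek", 60),
          _line("/attributes/text/download/zeek", 28),
          '{"ts":"2020-01-01T00:00:00.000000Z","level":"Reporter::ERROR","message":"/tmp/zeek-activehttp-X_body/Input::READER_RAW: Init failed","location":""}',
          "not json"]

if __name__ == "__main__":
    print("\n".join(describe(triage(SAMPLE))))
```

The follow-on "cannot open" and "Init failed" entries carry no exit code and are skipped, so the summary shows only the root-cause curl failures.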

