[Zeek] Anyone using DoveHawk under Zeek 3.0.6

Carlos Lopez clopmz at outlook.com
Thu May 7 06:16:28 PDT 2020 

Yep ... It was the certificate ... I have added "-k" flag to curl and all works ok now ...

Thanks.

On 07/05/2020, 15:09, "Justin Azoff" <justin at corelight.com> wrote:

    > Child process exited with non-zero return code 60

    CURLE_PEER_FAILED_VERIFICATION (60)

    The remote server's SSL certificate or SSH md5 fingerprint was deemed
    not OK. This error code has been unified with CURLE_SSL_CACERT since
    7.62.0. Its previous value was 51.

    The sites SSL certificate isn't trusted by your client.

    If you run a

    curl -v https://stonehaven.lab.uxdom.org/

    you should see the same problem.

    On Thu, May 7, 2020 at 4:47 AM Carlos Lopez <clopmz at outlook.com> wrote:
    >
    > Hi all,
    >
    >
    >
    > Today I have updated my Zeek cluster to release 3.0.6. I have installed dovehawk package also, but it is not downloading IOC from my MISP instance. Errors are:
    >
    >
    >
    > {"ts":"2020-05-07T08:40:39.980846Z","level":"Reporter::ERROR","message":"curl --header \"Authorization: \"AFz6lL1d2PMLPQ9O1V7OVoCOhawbXEZ9S01wu5GS\"\" -s -g -o \"\"/tmp/zeek-activehttp-E4Z8Vauqaq3_body\"\
    >
    > " -D \"\"/tmp/zeek-activehttp-E4Z8Vauqaq3_headers\"\" -X \"\"GET\"\" -m 60 \"\"https://stonehaven.lab.uxdom.org/attributes/bro/download/all\"\" && touch \"/tmp/zeek-activehttp-E4Z8Vauqaq3_body\" |/Input::
    >
    > READER_RAW: Child process exited with non-zero return code 60","location":""}
    >
    > {"ts":"2020-05-07T08:40:39.980846Z","level":"Reporter::ERROR","message":"curl --header \"Authorization: \"AFz6lL1d2PMLPQ9O1V7OVoCOhawbXEZ9S01wu5GS\"\" -s -g -o \"\"/tmp/zeek-activehttp-FRYEeOTxgol_body\"\
    >
    > " -D \"\"/tmp/zeek-activehttp-FRYEeOTxgol_headers\"\" -X \"\"GET\"\" -m 60 \"\"https://stonehaven.lab.uxdom.org/attributes/text/download/zeek\"\" && touch \"/tmp/zeek-activehttp-FRYEeOTxgol_body\" |/Input
    >
    > ::READER_RAW: Child process exited with non-zero return code 60","location":""}
    >
    > {"ts":"2020-05-07T08:40:39.982698Z","level":"Reporter::ERROR","message":"/tmp/zeek-activehttp-E4Z8Vauqaq3_body/Input::READER_RAW: Init: cannot open /tmp/zeek-activehttp-E4Z8Vauqaq3_body","location":""}
    >
    > {"ts":"2020-05-07T08:40:39.982698Z","level":"Reporter::ERROR","message":"/tmp/zeek-activehttp-E4Z8Vauqaq3_body/Input::READER_RAW: Init failed","location":""}
    >
    > {"ts":"2020-05-07T08:40:39.982698Z","level":"Reporter::ERROR","message":"/tmp/zeek-activehttp-E4Z8Vauqaq3_body/Input::READER_RAW: terminating thread","location":""}
    >
    > {"ts":"2020-05-07T08:40:39.982698Z","level":"Reporter::ERROR","message":"/tmp/zeek-activehttp-FRYEeOTxgol_body/Input::READER_RAW: Init: cannot open /tmp/zeek-activehttp-FRYEeOTxgol_body","location":""}
    >
    > {"ts":"2020-05-07T08:40:39.982698Z","level":"Reporter::ERROR","message":"/tmp/zeek-activehttp-FRYEeOTxgol_body/Input::READER_RAW: Init failed","location":""}
    >
    > {"ts":"2020-05-07T08:40:39.982698Z","level":"Reporter::ERROR","message":"/tmp/zeek-activehttp-FRYEeOTxgol_body/Input::READER_RAW: terminating thread","location":""}
    >
    >
    >
    > Any light on this?
    >
    >
    >
    > Regards,
    >
    > C. L. Martinez
    >
    > _______________________________________________
    > Zeek mailing list
    > zeek at zeek.org
    > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek



    -- 
    Justin

More information about the Zeek mailing list