On December 30, 2024 5:39:52 PM GMT+01:00, "Jörgen Maas" <jorgen.maas@gmail.com> wrote:
>Hi there,
>
>I've been trying to get Zeek to work in a very simple cluster setup; the
>problem is that my workers are not able to grab any data and create the
>expected log files. The cluster config is a single node (localhost) and
>monitoring of two interfaces, basically what's in the default node.cfg
>(manager, proxy, logger, 2 x worker). All processes start, and are
>listening on localhost for incoming connections. Testing the connectivity
>with telnet to these ports gets me to a full connection. Nothing is logged
>in stderr.log, I'm a bit puzzled :S
>
>In standalone mode running against a single interface Zeek is working fine.
>
>I'm running PF but have the "set skip lo0" set in /etc/pf.conf.
>Zeek 6.0.5 is from packages on OpenBSD 7.6 / amd64
>This used to work fine for me "earlier" (older OpenBSD and older version of
>the pkg).
>
>Is anyone out there running this version of Zeek in a cluster setup
>successfully?
>
>Another question is that it seems there's an option to drop privileges but
>this is not provided "out of the box" by the pkg. Has this ever been
>explored yet?
>
>Thanks in advance!
>
>Kind regards,
>Jörgen
Hi.
It's a known issue, reported multiple times.
I've looked a few times but wasn't able to find the culprit... :-/
I also tried updating to a newer release but failed. We are lacking stuff available in other OSes.
If one can find the issue I will put the time into bringing the port up to date.
--
Antoine