Monday, December 30, 2024

Zeek on OpenBSD: clustering issue and dropping privileges

Hi there,

I've been trying to get Zeek to work in a very simple cluster setup; the problem is that my workers are not able to grab any data and create the expected log files. The cluster config is a single node (localhost) and monitoring of two interfaces, basically what's in the default node.cfg (manager, proxy, logger, 2 x worker). All processes start, and are listening on localhost for incoming connections. Testing the connectivity with telnet to these ports gets me to a full connection. Nothing is logged in stderr.log, I'm a bit puzzled :S

In standalone mode running against a single interface Zeek is working fine. 

I'm running PF but have the "set skip lo0" set in /etc/pf.conf.
Zeek 6.0.5 is from packages on OpenBSD 7.6 / amd64
This used to work fine for me "earlier" (older OpenBSD and older version of the pkg).

Is anyone out there running this version of Zeek in a cluster setup successfully?

Another question is that it seems there's an option to drop privileges but this is not provided "out of the box" by the pkg. Has this ever been explored yet?

Thanks in advance!

Kind regards,
Jörgen
