Zeek 3.0.1 #1645

Closed
dougburks opened this issue Sep 23, 2019 · 7 comments

@dougburks dougburks commented Sep 23, 2019

@dougburks dougburks self-assigned this Sep 23, 2019
@dougburks dougburks added this to To do in 16.04.6.3 via automation Sep 23, 2019
@dougburks dougburks moved this from To do to In progress in 16.04.6.3 Oct 2, 2019
@dougburks dougburks added this to To do in 16.04.6.4 Nov 15, 2019
@dougburks dougburks removed this from In progress in 16.04.6.3 Nov 15, 2019
@dougburks dougburks changed the title Zeek 3.0.0 Zeek 3.0.1 Dec 5, 2019

@dougburks dougburks commented Dec 5, 2019

Zeek 3.0.0 has a performance regression when logging to JSON. Waiting for Zeek 3.0.1:
https://github.com/zeek/zeek/projects/5
zeek/zeek#595
zeek/zeek#604

@dougburks dougburks commented Dec 10, 2019

@dougburks dougburks moved this from To do to In progress in 16.04.6.4 Dec 20, 2019
@dougburks dougburks moved this from In progress to In Testing in 16.04.6.4 Jan 4, 2020

@weslambert weslambert commented Jan 17, 2020

No issues during my testing 👍

@defensivedepth defensivedepth commented Jan 17, 2020

No issues seen in my testing

@chris-cuevas chris-cuevas commented Feb 4, 2020

No issues seen in my testing with more than 70,000,000 events per hour.

As per the checklist for testing...

```
dpkg -l |grep securityonion-bro
ii securityonion-bro 3.0.1-1ubuntu1securityonion10 amd64 The Bro Network Security Monitor
ii securityonion-bro-afpacket 1.3.0-1ubuntu1securityonion17 all Plugin providing native AF_Packet support for Bro.
ii securityonion-bro-scripts 20121004-0ubuntu0securityonion100 all Bro scripts for Security Onion

root@test-host1:~# ls -l /opt/zeek
lrwxrwxrwx 1 root root 3 Feb 4 13:06 /opt/zeek -> bro

root@test-host1:~# ls -l /nsm/zeek
lrwxrwxrwx 1 root root 3 Feb 4 13:06 /nsm/zeek -> bro

root@test-host1:~# ls -l /opt/bro/etc/broctl.cfg
lrwxrwxrwx 1 root root 11 Feb 4 13:06 /opt/bro/etc/broctl.cfg -> zeekctl.cfg

root@test-host1:~# ls -l /opt/bro/
total 0
drwxr-xr-x 2 root root 257 Feb 4 13:06 bin
drwxr-xr-x 2 root root 101 Feb 4 13:13 etc
drwxr-xr-x 2 root root 60 Sep 17 18:26 etc_pre-2.6.4
drwxr-xr-x 2 root root 60 Feb 4 13:04 etc_pre-3.0.1

root@test-host1:~# ls -l /opt/bro/share/
total 0
lrwxrwxrwx 1 root root 4 Feb 4 13:06 bro -> zeek
drwxr-xr-x 4 root root 31 Feb 4 13:06 bro.pre-3.0.1

root@test-host1:~# grep StatusCmdShowAll /opt/zeek/etc/zeekctl.cfg
StatusCmdShowAll = 0

root@test-host1:~# grep af_packet /opt/zeek/etc/zeekctl.cfg
lb_custom.InterfacePrefix=af_packet::

root@test-host1:~# ls /etc/cron.d/
anacron capme mdadm netsniff-sync nsm-watchdog php salt-update sensor-clean sensor-newday sguil-db-purge so-sensor-backup-config so-server-backup-config squert-ip2c sysstat zeek
```

I have rebooted the system and things come up smoothly on reboot.

@dougburks dougburks commented Feb 4, 2020

Thanks @chris-cuevas !

@dougburks dougburks closed this Feb 5, 2020
16.04.6.4 automation moved this from In Testing to Done Feb 5, 2020