use zeekrunner scripts and zqd cli option #732
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alfred-landrum
changed the title
alfred-landrum
changed the title
alfred-landrum
force-pushed
the
zeek-runner
branch
3 times, most recently
from
3620bb1
to
b654376
Compare
alfred-landrum
force-pushed
the
zeek-runner
branch
from
fc695df
to
470f2a3
Compare
|
The zqd side of this is ready in brimdata/zed#718 , so when this Brim PR is approved, I'll merge the zq PR, then update the zq pointers here and merge. |
mikesbrown
reviewed
May 8, 2020
There was a problem hiding this comment.
This passed the Windows integration tests, so I don't have platform concerns. I also verified that locally, zqd and zeek are run like so:
501 82132 82131 0 10:20AM ttys007 0:04.24 /Users/mikeb/git/brim/zdeps/zqd listen -l localhost:9867 -datadir /Users/mikeb/git/brim/run/data/spaces -config /Users/mikeb/git/brim/run/zqd-config.yaml -zeekrunner /Users/mikeb/git/brim/zdeps/zeek/zeekrunner
501 82206 82132 0 10:20AM ttys007 0:17.02 /Users/mikeb/git/brim/zdeps/zeek/bin/zeek -C -r - --exec event zeek_init() { Log::disable_stream(PacketFilter::LOG); Log::disable_stream(LoadedScripts::LOG); } local
mikesbrown
approved these changes
May 8, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is part of the brimsec/brim repo side work for #731.
Use the
-zeekrunnercli option to zqd ( brimdata/zed#718 ), defaulting to the value of environment variableBRIM_ZEEK_RUNNER, else to the zeekrunner included from the zdeps zeek artifact ( brimdata/zeek#23 ).