Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

I have an issues about Zeek Cluster. #36

Closed
KONEONE opened this issue Jul 20, 2021 · 1 comment
Closed

I have an issues about Zeek Cluster. #36

KONEONE opened this issue Jul 20, 2021 · 1 comment

Comments

@KONEONE
Copy link

KONEONE commented Jul 20, 2021

I am a newbie to Zeek and I am trying to build a Zeek cluster. But I encountered the following problems.

[logger-1]

No core file found.

Zeek 4.0.3
Linux 5.4.0-77-generic

Zeek plugins: (none found)

==== No reporter.log

==== stderr.log
fatal error in /usr/local/zeek/share/zeek/base/frameworks/cluster/__load__.zeek, line 25: can't find cluster-layout

==== stdout.log
max memory size         (kbytes, -m) unlimited
data seg size           (kbytes, -d) unlimited
virtual memory          (kbytes, -v) unlimited
core file size          (blocks, -c) unlimited

==== .cmdline
-U .status -p zeekctl -p zeekctl-live -p local -p logger-1 local.zeek zeekctl base/frameworks/cluster zeekctl/auto

==== .env_vars
PATH=/usr/local/zeek/bin:/usr/local/zeek/share/zeekctl/scripts:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
ZEEKPATH=/usr/local/zeek/spool/installed-scripts-do-not-touch/site::/usr/local/zeek/spool/installed-scripts-do-not-touch/auto:/usr/local/zeek/share/zeek:/usr/local/zeek/share/zeek/policy:/usr/local/zeek/share/zeek/site
CLUSTER_NODE=logger-1

==== .status
TERMINATED [fatal_error]

==== No prof.log

==== No packet_filter.log

==== No loaded_scripts.log

[manager]
No work dir found

[proxy-1]
No work dir found

[worker-1]
error running crash-diag for worker-1
Failed to establish ssh connection to host x.x.x.x
[ZeekControl] > Host key verification failed.
Host key verification failed.
Host key verification failed.
Host key verification failed.
Host key verification failed.
Host key verification faile

When I did not configure the cluster, I used sudo python3 zeekctl, and no error was reported. The above error occurred after modifying /etc/node.cfg.


==== No reporter.log

==== stderr.log
fatal error in /usr/local/zeek/share/zeek/base/frameworks/cluster/__load__.zeek, line 25: can't find cluster-layout

==== stdout.log
max memory size         (kbytes, -m) unlimited
data seg size           (kbytes, -d) unlimited
virtual memory          (kbytes, -v) unlimited
core file size          (blocks, -c) unlimited

==== .cmdline
-U .status -p zeekctl -p zeekctl-live -p local -p logger-1 local.zeek zeekctl base/frameworks/cluster zeekctl/auto

==== .env_vars
PATH=/usr/local/zeek/bin:/usr/local/zeek/share/zeekctl/scripts:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
ZEEKPATH=/usr/local/zeek/spool/installed-scripts-do-not-touch/site::/usr/local/zeek/spool/installed-scripts-do-not-touch/auto:/usr/local/zeek/share/zeek:/usr/local/zeek/share/zeek/policy:/usr/local/zeek/share/zeek/site
CLUSTER_NODE=logger-1

==== .status
TERMINATED [fatal_error]

==== No prof.log

==== No packet_filter.log

==== No loaded_scripts.log

These errors will also appear in non-cluster situations, and there are no files under /spool/zeek/. However, sometimes this problem does not arise. This confuses me. When I create these log files directly, I still get an error when running zeekctl.
@0xxon
Copy link
Member

0xxon commented Jul 20, 2021

Hi,

We don't use GitHub issues for support questions. Questions like this are best answered using on either slack or our mailing list, which is both are frequented by Zeek developers and professional users. You can join here:

Mailing list: https://lists.zeek.org/mailman3/lists/zeek.lists.zeek.org/

Slack: https://zeek.org/community/

Johanna

@0xxon 0xxon closed this as completed Jul 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@0xxon @KONEONE