Hi there,

I've been trying to get Zeek to work in a very simple cluster setup; the
problem is that my workers are not able to grab any data and create the
expected log files. The cluster config is a single node (localhost) and
monitoring of two interfaces, basically what's in the default node.cfg
(manager, proxy, logger, 2 x worker). All processes start, and are
listening on localhost for incoming connections. Testing the connectivity
with telnet to these ports gets me to a full connection. Nothing is logged
in stderr.log; I'm a bit puzzled :S

In standalone mode running against a single interface Zeek is working fine.

I'm running PF but have the "set skip lo0" set in /etc/pf.conf.
Zeek 6.0.5 is from packages on OpenBSD 7.6 / amd64
This used to work fine for me "earlier" (older OpenBSD and older version of
the pkg).

Is anyone out there running this version of Zeek in a cluster setup
successfully?

Another question is that it seems there's an option to drop privileges but
this is not provided "out of the box" by the pkg. Has this ever been
explored yet?

Thanks in advance!

Kind regards,
Jörgen
