On December 30, 2024 5:39:52 PM GMT+01:00, "Jörgen Maas" <jorgen.m...@gmail.com> wrote:
>Hi there,
>
>I've been trying to get Zeek to work in a very simple cluster setup; the
>problem is that my workers are not able to grab any data and create the
>expected log files. The cluster config is a single node (localhost) and
>monitoring of two interfaces, basically what's in the default node.cfg
>(manager, proxy, logger, 2 x worker). All processes start, and are
>listening on localhost for incoming connections. Testing the connectivity
>with telnet to these ports gets me to a full connection. Nothing is logged
>in stderr.log, I'm a bit puzzled :S
>
>In standalone mode running against a single interface Zeek is working fine.
>
>I'm running PF but have the "set skip lo0" set in /etc/pf.conf.
>Zeek 6.0.5 is from packages on OpenBSD 7.6 / amd64
>This used to work fine for me "earlier" (older OpenBSD and older version of
>the pkg).
>
>Is anyone out there running this version of Zeek in a cluster setup
>successfully?
>
>Another question is that it seems there's an option to drop privileges but
>this is not provided "out of the box" by the pkg. Has this ever been
>explored yet?
>
>Thanks in advance!
>
>Kind regards,
>Jörgen

Hi.

It's a known issue, reported multiple times. I've looked a few times but wasn't able to find the culprit... :-/

I also tried updating to a newer release but failed. We are lacking stuff available in other OSes.

If one can find the issue I will put the time into bringing the port up to date.

--
Antoine