Bug #16908

open

ZEEK -> GUI Logging issues

Added by Andrew R 1 day ago.

Status: New
Priority: Normal
Assignee: -
Category: Zeek
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version: 26.03.1
Affected Architecture: All

Description

A recent change to Zeek's configuration has caused it not to operate properly from the GUI where the logs are not accessible.
The problem is with the Zeek NSM -> Real-Time Inspection facility where I am presented with an empty list but the directories are populated with data.
Zeek looks like it's functioning properly at the OS level but the interpretation of the directory locations from the GUI is not being picked up correctly.
I've tried adjusting the ZeekControl Config -> Log Store Directory option but the issue was not resolved.

LOG ENTRIES
-----------
NOTICE The command '/usr/local/etc/rc.d/zeek.sh stop' returned exit code '1', the output was 'Error: zeekctl option "spooldir" directory not found: /usr/local/spool'

NOTICE The command '/usr/local/etc/rc.d/zeek.sh restart' returned exit code '1', the output was 'Error: zeekctl option "spooldir" directory not found: /usr/local/spool mount: /proc: No such file or directory Error: zeekctl option "spooldir" directory not found: /usr/local/spool'

REFERENCES:
https://forum.netgate.com/topic/174221/zeek-installed-but-nothing-in-logs

HARDWARE -> XG7100U / SG1100
PFSENSE -> 26.03
ZEEK VER -> 3.0.4
ZEEK PKG -> 8.0.5
