zeek-docker icon indicating copy to clipboard operation
zeek-docker copied to clipboard

Published 20 hours ago verified publisher icon zeek

Issue with zeekctl

Open priyanka18492 opened this issue 4 years ago • 7 comments

Hey, I am trying to run zeekctl to deploy a new configuration.. but I get the following error .Please help me out

Traceback (most recent call last): File "./zeekctl", line 13, in from ZeekControl.zeekctl import ZeekCtl, ZeekControlError, CommandSyntaxError File "/usr/local/zeek-3.0.0/lib/zeekctl/ZeekControl/zeekctl.py", line 8, in from ZeekControl import lock File "/usr/local/zeek-3.0.0/lib/zeekctl/ZeekControl/lock.py", line 4, in from ZeekControl import config File "/usr/local/zeek-3.0.0/lib/zeekctl/ZeekControl/config.py", line 9, in from ZeekControl import py3zeek File "/usr/local/zeek-3.0.0/lib/zeekctl/ZeekControl/py3zeek.py", line 22, in from queue import Queue, Empty ModuleNotFoundError: No module named 'queue'

priyanka18492 avatar Nov 15 '20 22:11 priyanka18492

Can you share what you are trying to do using zeekctl inside of the container? I've been meaning to remove it entirely since it usually doesn't make sense in a container environment.

You don't need to use zeekctl in the container to run zeek, it can just be ran from the shell.

JustinAzoff avatar Nov 18 '20 18:11 JustinAzoff

Not sure about op, but I want to use zeekctl to manage zeek and run it as if it were a service for ongoing capture. As far as I can tell (and I don't have much experience with it) zeekctl is used to handle log rotation, paths, etc.

senorkrabs avatar Dec 11 '20 13:12 senorkrabs

https://docs.zeek.org/en/current/frameworks/supervisor.html is what should be used for running zeek in a container

JustinAzoff avatar Dec 11 '20 15:12 JustinAzoff

Just to follow up on this with my 2 cents - we should either not include zeekctl in the container, or support it. The current state with it being inside, but not working seems unintuivite, at least :)

0xxon avatar Dec 11 '20 16:12 0xxon

Just to note - since I just went through them - this is a duplicate of #7, so this is a commonly raised problem.

0xxon avatar Dec 11 '20 16:12 0xxon

yeah.. I know.. I'm torn about what to do about this. just removing the zeekctl bits would simplify the container a bit... and using zeekctl inside of a container is almost definitely a mistake.. but I could see it being useful for training purposes or something.

I just wouldn't want people to actually try to use it to do real work since zeekctl and containers really does not mix.

JustinAzoff avatar Dec 11 '20 20:12 JustinAzoff

FWIW, if the python3-pip package is installed then the "queue" dependency is satisfied and zeekctl works.

xhalliday avatar Dec 13 '20 22:12 xhalliday