Closed dougburks closed 4 years ago
Zeek 3.0.0 has a performance regression when logging to JSON. Waiting for Zeek 3.0.1: https://github.com/zeek/zeek/projects/5 https://github.com/zeek/zeek/issues/595 https://github.com/zeek/zeek/issues/604
Zeek 3.0.1 now available: https://github.com/zeek/zeek/releases/tag/v3.0.1
No issues during my testing 👍
No issues seen in my testing
No issues seen in my testing with more than 70,000,000 events per hour.
As per the checklist for testing...
dpkg -l |grep securityonion-bro
ii securityonion-bro 3.0.1-1ubuntu1securityonion10 amd64 The Bro Network Security Monitor
ii securityonion-bro-afpacket 1.3.0-1ubuntu1securityonion17 all Plugin providing native AF_Packet support for Bro.
ii securityonion-bro-scripts 20121004-0ubuntu0securityonion100 all Bro scripts for Security Onion

root@test-host1:~# ls -l /opt/zeek
lrwxrwxrwx 1 root root 3 Feb 4 13:06 /opt/zeek -> bro

root@test-host1:~# ls -l /nsm/zeek
lrwxrwxrwx 1 root root 3 Feb 4 13:06 /nsm/zeek -> bro

root@test-host1:~# ls -l /opt/bro/etc/broctl.cfg
lrwxrwxrwx 1 root root 11 Feb 4 13:06 /opt/bro/etc/broctl.cfg -> zeekctl.cfg

root@test-host1:~# ls -l /opt/bro/
total 0
drwxr-xr-x 2 root root 257 Feb 4 13:06 bin
drwxr-xr-x 2 root root 101 Feb 4 13:13 etc
drwxr-xr-x 2 root root 60 Sep 17 18:26 etc_pre-2.6.4
drwxr-xr-x 2 root root 60 Feb 4 13:04 etc_pre-3.0.1

root@test-host1:~# ls -l /opt/bro/share/
total 0
lrwxrwxrwx 1 root root 4 Feb 4 13:06 bro -> zeek
drwxr-xr-x 4 root root 31 Feb 4 13:06 bro.pre-3.0.1

root@test-host1:~# grep StatusCmdShowAll /opt/zeek/etc/zeekctl.cfg
StatusCmdShowAll = 0

root@test-host1:~# grep af_packet /opt/zeek/etc/zeekctl.cfg
lb_custom.InterfacePrefix=af_packet::

root@test-host1:~# ls /etc/cron.d/
anacron capme mdadm netsniff-sync nsm-watchdog php salt-update sensor-clean sensor-newday sguil-db-purge so-sensor-backup-config so-server-backup-config squert-ip2c sysstat zeek
I have rebooted the system and things come up smoothly on reboot.
Thanks @chris-cuevas !
https://blog.zeek.org/2019/09/zeek-300.html