SeisoLLC / zeek-kafka

A Zeek log writer plugin that publishes to Kafka.
Apache License 2.0

metron-bro-plugin-kafka doesn't build with Zeek 4.0.0 #17

Closed emnahum closed 3 years ago

emnahum commented 3 years ago

Summary of the issue

metron-bro-plugin-kafka doesn't build with zeek 4.00 RC2

Expected behavior

zkg install metron-bro-plugin kafka should result in 0 error code.

Steps to reproduce

zkg install metron-bro-plugin kafka

Where applicable, consider providing a patch that uses the end to end testing environment.

Logs, errors, etc.

in ~/.zkg/testing/metron-bro-plugin-kafka/clones/metron-bro-plugin-kafka/zkg.test_command.stderr:

    kafka.l2s-l2e-no-overlap ... failed
    % 'bro ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/metron-bro-plugin-kafka/clones/metron-bro-plugin-kafka/tests/.tmp/kafka.l2s-l2e-no-overlap/l2s-l2e-no-overlap.bro > output' failed unexpectedly (exit code 134)
    % cat .stderr
    error in /usr/local/zeek/share/zeek/base/bif/packet_analysis.bif.zeek, line 15: identifier not defined: PacketAnalyzer::Tag
    error in /usr/local/zeek/share/zeek/base/bif/packet_analysis.bif.zeek, line 15: identifier not defined: PacketAnalyzer::Tag
    internal error in /usr/local/zeek/share/zeek/base/bif/packet_analysis.bif.zeek, line 29: internal variable peer_description missing
    /home/nahum/zeek-3.0.12/build/src/bro: line 32: 69816 Aborted (core dumped) "${base}/${new}" "$@"

    kafka.l2s-set-l2e-set ... failed
    % 'bro ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/metron-bro-plugin-kafka/clones/metron-bro-plugin-kafka/tests/.tmp/kafka.l2s-set-l2e-set/l2s-set-l2e-set.bro > output' failed unexpectedly (exit code 134)
    % cat .stderr
    error in /usr/local/zeek/share/zeek/base/bif/packet_analysis.bif.zeek, line 15: identifier not defined: PacketAnalyzer::Tag
    error in /usr/local/zeek/share/zeek/base/bif/packet_analysis.bif.zeek, line 15: identifier not defined: PacketAnalyzer::Tag
    internal error in /usr/local/zeek/share/zeek/base/bif/packet_analysis.bif.zeek, line 29: internal variable peer_description missing
    /home/nahum/zeek-3.0.12/build/src/bro: line 32: 69836 Aborted (core dumped) "${base}/${new}" "$@"

etc.

Your environment

emnahum commented 3 years ago

Using the zeek-kafka plugin, same OS and zeek version, I get:

a bunch of warnings that look like the following:

    336 | mgr.QueueEvent(kafka_topic_resolved_event, vl);
        | ^~~
    In file included from /usr/local/zeek/include/zeek/zeek-bif.h:6,
                     from /home/nahum/zeek-kafka/build/kafka.bif.h:7,
                     from /home/nahum/zeek-kafka/src/KafkaWriter.h:29,
                     from /home/nahum/zeek-kafka/src/KafkaWriter.cc:18:
    /usr/local/zeek/include/zeek/Event.h:159:24: note: declared here
    159 | extern zeek::EventMgr& mgr [[deprecated("Remove in v4.1. Use zeek::event_mgr")]];

and an error that looks like:

    336 | mgr.QueueEvent(kafka_topic_resolved_event, vl);
        | ^
    In file included from /usr/local/zeek/include/zeek/zeek-bif.h:6,
                     from /home/nahum/zeek-kafka/build/kafka.bif.h:7,
                     from /home/nahum/zeek-kafka/src/KafkaWriter.h:29,
                     from /home/nahum/zeek-kafka/src/KafkaWriter.cc:18:
    /usr/local/zeek/include/zeek/Event.h:84:7: note: declared here
    84 | void QueueEvent(const EventHandlerPtr &h, ValPList* vl,
       | ^~~~~~

JonZeolla commented 3 years ago

@emnahum I have a PR open with a fix, pending review. You're welcome to test out my feature branch and see if it fixes your issue, but it worked for me locally on 4.0.0-rc2

emnahum commented 3 years ago

Thanks! How do I pull your feature branch?