Still can't get zeek-kafka to work

[emnahum]

Summary of the issue

zeek-kafka doesn't work, either via zkg or manual install

Expected behavior

...

Steps to reproduce

1) zkg install: zkg install seiso/zeek-kafka --version main error: invalid package "seiso/zeek-kafka": package name not found in sources and also not a usable git URL (invalid or inaccessible, use -vvv for details)

2) manual install: ./configure --with-librdkafka=$LIBRDKAFKA_ROOT make sudo make install zeek -N Seiso::Kafka Seiso::Kafka - Writes logs to Kafka (dynamic, version 0.3.0) zeek -r file.pcap /usr/local/zeek/share/zeek/site/local.zeek fatal error in /usr/local/zeek/share/zeek/site/kafka.zeek, line 2: can't find packages/zeek-kafka/Seiso/Kafka looking in /usr/local/zeek/share/zeek/site/packages, there is nothing there

Where applicable, consider providing a patch that uses the end to end testing environment.

Logs, errors, etc.

...

Your environment

• Version of Zeek
• Version or commit hash of the zeek-kafka package
• Operating System and version

zeek 4.0.0-rc2 version 0.3 Ubuntu 20.04

[JonZeolla]

@emnahum can you give it another shot now with zkg? I got it added to the zeek package index

[emnahum]

Running unit tests for "zeek/seisollc/zeek-kafka" error: "zeek/seisollc/zeek-kafka" tests failed, inspect contents of /home/nahum/.zkg/testing/zeek-kafka for details, especially any "zkg.test_command.{stderr,stdout}" files within /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka Proceed to install anyway? [N/y]n

more zkg.test_command.stderr:

afka.l2s-l2e-no-overlap ... failed % 'bro ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.l2s-l2e-no-overlap/l2s-l2e-no- overlap.bro > output' failed unexpectedly (exit code 1) % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE

kafka.l2s-set-l2e-set ... failed % 'bro ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.l2s-set-l2e-set/l2s-set-l2e-se t.bro > output' failed unexpectedly (exit code 1) % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE

kafka.l2s-set-l2e-unset ... failed % 'bro ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.l2s-set-l2e-unset/l2s-set-l2e- unset.bro > output' failed unexpectedly (exit code 1) % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE

kafka.l2s-unset-l2e-set ... failed % 'bro ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.l2s-unset-l2e-set/l2s-unset-l2 e-set.bro > output' failed unexpectedly (exit code 1) % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE

kafka.l2s-unset-l2e-unset ... failed % 'bro ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.l2s-unset-l2e-unset/l2s-unset- l2e-unset.bro > output' failed unexpectedly (exit code 1) % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE

kafka.resolved-topic-config ... failed % 'bro -r ../../../tests/pcaps/exercise-traffic.pcap ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/t ests/.tmp/kafka.resolved-topic-config/resolved-topic-config.bro > output' failed unexpectedly (exit code 1) % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE

kafka.resolved-topic-default ... failed % 'bro -r ../../../tests/pcaps/exercise-traffic.pcap ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/t ests/.tmp/kafka.resolved-topic-default/resolved-topic-default.bro > output' failed unexpectedly (exit code 1) % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE

kafka.resolved-topic-override-and-config ... failed % 'bro -r ../../../tests/pcaps/exercise-traffic.pcap ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/t ests/.tmp/kafka.resolved-topic-override-and-config/resolved-topic-override-and-config.bro > output' failed unexpectedly (exit code 1) % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE

kafka.resolved-topic-override-only ... failed % 'bro -r ../../../tests/pcaps/exercise-traffic.pcap ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/t ests/.tmp/kafka.resolved-topic-override-only/resolved-topic-override-only.bro > output' failed unexpectedly (exit code 1) % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE

kafka.send-all-active-logs-l2e-set ... failed % 'bro ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.send-all-active-logs-l2e-set/s end-all-active-logs-l2e-set.bro > output' failed unexpectedly (exit code 1) % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE % 'bro ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.send-all-active-logs-l2e-unset /send-all-active-logs-l2e-unset.bro > output' failed unexpectedly (exit code 1) % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE

kafka.send-all-active-logs-l2s-set-l2e-set ... failed % 'bro ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.send-all-active-logs-l2s-set-l 2e-set/send-all-active-logs-l2s-set-l2e-set.bro > output' failed unexpectedly (exit code 1) % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE kafka.send-all-active-logs-l2s-set-l2e-unset ... failed % 'bro ../../../scripts/Apache/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.send-all-active-logs-l2s-set-l 2e-unset/send-all-active-logs-l2s-set-l2e-unset.bro > output' failed unexpectedly (exit code 1) % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE

kafka.show-plugin ... failed % 'btest-diff output' failed unexpectedly (exit code 1) % cat .diag == File =============================== == Diff =============================== --- /tmp/test-diff.26368.output.baseline.tmp 2021-03-03 02:49:32.981669049 +0000 +++ /tmp/test-diff.26368.output.tmp 2021-03-03 02:49:32.981669049 +0000 @@ -1,11 +0,0 @@ -Apache::Kafka - Writes logs to Kafka (dynamic)

• [Writer] KafkaWriter (Log::WRITER_KAFKAWRITER)
• [Constant] Kafka::kafka_conf
• [Constant] Kafka::topic_name
• [Constant] Kafka::max_wait_on_shutdown
• [Constant] Kafka::tag_json
• [Constant] Kafka::json_timestamps
• [Constant] Kafka::debug
• [Constant] Kafka::mock
• [Event] kafka_topic_resolved_event

• =======================================

  % cat .stderr fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /usr/local/zeek/lib/zeek/plugins/SEISO_KA FKA//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/zeek/lib/zeek/plugins/SEISO_KAFKA//lib/SEISO-KAFKA.linux-x86_64.so: undefined symbol: _ZTIN4 zeek7logging13WriterBackendE

14 of 14 tests failed

(this time with zeek 4.0.0.)

[JonZeolla]

@emnahum I'm not sure why your environment is referring to Apache::Kafka or bro ../../../scripts/Apache/Kafka/ as that is not referenced in zeek-kafka. Perhaps something that wasn't cleaned up from a prior metron-bro-plugin-kafka install? You can see expected build logs for the plugin here.

I'm running a test using zkg install zeek/seisollc/zeek-kafka (as opposed to pointing it to a local file path, which is what our e2e tests use and is currently working) to see if I can reproduce what you're seeing.

[JonZeolla]

I was able to reproduce a very similar error message

[emnahum]

@JonZeolla I'm trying again using a clean build machine (nothing on it); I'll let you know if it solves anything.

[JonZeolla]

Wonderful, thank you. I'm working on the tests to support Ubuntu as well as to exercise whatever issue we end up finding here.

[emnahum]

It didn't work again, although the error is different:

137 biloxi1:~/.zkg/testing/zeek-kafka/clones/zeek-kafka$ more zkg.test_command.stderr kafka.l2s-l2e-no-overlap ... failed % 'zeek ../../../scripts/Seiso/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.l2s-l2e-no-overlap/l2s-l2e-no- overlap.zeek > output' failed unexpectedly (exit code 1) % cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

kafka.l2s-set-l2e-set ... failed % 'zeek ../../../scripts/Seiso/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.l2s-set-l2e-set/l2s-set-l2e-se t.zeek > output' failed unexpectedly (exit code 1) % cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

kafka.l2s-set-l2e-unset ... failed % 'zeek ../../../scripts/Seiso/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.l2s-set-l2e-unset/l2s-set-l2e- unset.zeek > output' failed unexpectedly (exit code 1) % cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

kafka.l2s-unset-l2e-set ... failed % 'zeek ../../../scripts/Seiso/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.l2s-unset-l2e-set/l2s-unset-l2 e-set.zeek > output' failed unexpectedly (exit code 1) % cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

kafka.l2s-unset-l2e-unset ... failed % 'zeek ../../../scripts/Seiso/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.l2s-unset-l2e-unset/l2s-unset- l2e-unset.zeek > output' failed unexpectedly (exit code 1) % cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

kafka.resolved-topic-config ... failed % 'zeek -r ../../../tests/pcaps/exercise-traffic.pcap ../../../scripts/Seiso/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/t ests/.tmp/kafka.resolved-topic-config/resolved-topic-config.zeek > output' failed unexpectedly (exit code 1) % cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

kafka.resolved-topic-default ... failed % 'zeek -r ../../../tests/pcaps/exercise-traffic.pcap ../../../scripts/Seiso/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/t ests/.tmp/kafka.resolved-topic-default/resolved-topic-default.zeek > output' failed unexpectedly (exit code 1) % cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

kafka.resolved-topic-override-and-config ... failed % 'btest-diff output' failed unexpectedly (exit code 1) % cat .diag == File =============================== == Diff =============================== --- /tmp/test-diff.529999.output.baseline.tmp 2021-03-05 15:33:14.932647429 +0000 +++ /tmp/test-diff.529999.output.tmp 2021-03-05 15:33:14.900647311 +0000 @@ -1,2 +0,0 @@ -Kafka topic set to configuration-table-topic -Kafka topic set to const-variable-topic

% cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

kafka.resolved-topic-override-only ... failed % 'zeek -r ../../../tests/pcaps/exercise-traffic.pcap ../../../scripts/Seiso/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/t ests/.tmp/kafka.resolved-topic-override-only/resolved-topic-override-only.zeek > output' failed unexpectedly (exit code 1) % cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

kafka.send-all-active-logs-l2e-set ... failed % 'zeek ../../../scripts/Seiso/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.send-all-active-logs-l2e-set/s end-all-active-logs-l2e-set.zeek > output' failed unexpectedly (exit code 1) % cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

kafka.send-all-active-logs-l2e-unset ... failed % 'zeek ../../../scripts/Seiso/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.send-all-active-logs-l2e-unset /send-all-active-logs-l2e-unset.zeek > output' failed unexpectedly (exit code 1) % cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

kafka.send-all-active-logs-l2s-set-l2e-set ... failed % 'zeek ../../../scripts/Seiso/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.send-all-active-logs-l2s-set-l 2e-set/send-all-active-logs-l2s-set-l2e-set.zeek > output' failed unexpectedly (exit code 1) % cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

kafka.send-all-active-logs-l2s-set-l2e-unset ... failed % 'zeek ../../../scripts/Seiso/Kafka/ /home/nahum/.zkg/testing/zeek-kafka/clones/zeek-kafka/tests/.tmp/kafka.send-all-active-logs-l2s-set-l 2e-unset/send-all-active-logs-l2s-set-l2e-unset.zeek > output' failed unexpectedly (exit code 1) % cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

kafka.show-plugin ... failed % 'btest-diff output' failed unexpectedly (exit code 1) % cat .diag == File =============================== == Diff =============================== --- /tmp/test-diff.530119.output.baseline.tmp 2021-03-05 15:33:15.728650374 +0000 +++ /tmp/test-diff.530119.output.tmp 2021-03-05 15:33:15.696650256 +0000 @@ -1,12 +0,0 @@ -Seiso::Kafka - Writes logs to Kafka (dynamic)

• [Writer] KafkaWriter (Log::WRITER_KAFKAWRITER)
• [Constant] Kafka::kafka_conf
• [Constant] Kafka::additional_message_values
• [Constant] Kafka::topic_name
• [Constant] Kafka::max_wait_on_shutdown
• [Constant] Kafka::tag_json
• [Constant] Kafka::json_timestamps
• [Constant] Kafka::debug
• [Constant] Kafka::mock
• [Event] kafka_topic_resolved_event

• =======================================

  % cat .stderr error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: cannot load plugin library /home/nahum/.zkg/testing/zeek-kafka/clones/zeek -kafka/build//lib/SEISO-KAFKA.linux-x86_64.so: /usr/local/lib/librdkafka++.so.1: undefined symbol: rd_kafka_error_string fatal error in /usr/local/zeek/share/zeek/base/init-bare.zeek, line 1: aborting after plugin errors

14 of 14 tests failed

[JonZeolla]

I have confirmed that this issue does not occur on centos 8 and installing with zkg in that environment works as expected. The metron-bro-plugin-kafka project did not officially support Ubuntu, but I am working on adding that support now.

[emnahum]

@JonZeolla any progress on this?

[JonZeolla]

I answered on slack, but just to reiterate here for anyone else following along:

From our testing it seems that the plugin install process works fine on Centos 8, which is the only OS currently supported. I did open #21 that begins to add Ubuntu support. So far we have been able to reproduce your issue in this testing environment, but neither @ottobackwards nor I have had a chance to track down the specific fix yet.

[JonZeolla]

@emnahum wanted to make sure you got notified of this. I think we have Ubuntu working now, so any issues you're still experiencing after following the updated setup steps would be a bug.

[emnahum]

Yes I saw. I haven't had a chance to test it yet through.

-Erich

On Tue, Jun 8, 2021 at 1:01 PM JonZeolla @.***> wrote:

@emnahum https://github.com/emnahum wanted to make sure you got notified of this. I think we have Ubuntu working now, so any issues you're still experiencing after following the updated setup steps would be a bug.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/SeisoLLC/zeek-kafka/issues/19#issuecomment-856938142, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGENXCOO6BD33LHQ6AR3HBDTRZEE7ANCNFSM4YIVDEBQ .

[AntonyNow19]

Hello I still have build error, both via zkg install and manual configure and make. I have an ubuntu 22.04 server with zeek 5.1.1 and zeek/seisollc/zeek-kafka.

The make command fails with the following error : [ 25%] Building CXX object CMakeFiles/SEISO-KAFKA.linux-x86_64.dir/src/KafkaWriter.cc.o /opt/zeek-kafka/src/KafkaWriter.cc: In constructor ‘zeek::logging::writer::KafkaWriter::KafkaWriter(zeek::logging::WriterFrontend*)’: /opt/zeek-kafka/src/KafkaWriter.cc:48:3: error: ‘IterCookie’ was not declared in this scope 48 | IterCookie *c = val->AsTable()->InitForIteration(); | ^~~~~~~~~~ /opt/zeek-kafka/src/KafkaWriter.cc:48:15: error: ‘c’ was not declared in this scope 48 | IterCookie *c = val->AsTable()->InitForIteration(); | ^ /opt/zeek-kafka/src/KafkaWriter.cc:48:33: error: invalid use of incomplete type ‘zeek::PDict<zeek::TableEntryVal>’ {aka ‘const class zeek::Dictionary<zeek::TableEntryVal>’} 48 | IterCookie *c = val->AsTable()->InitForIteration(); | ^~

and more similar errors. It seems that IterCookie structure is deprecated in zeek 5.0.0+.

Anyway to solve this issue ?

thanks A

[ottobackwards]

https://github.com/SeisoLLC/zeek-kafka/commit/39e9dbfdb924f1fb309dc1323f5963a244aa5551 this commit to main resolved this issue. I'm not sure you are building with main?