search

rocknsm / rock

Automated deployment scripts for the RockNSM network hunting distribution.
http://rocknsm.io
Apache License 2.0
446 stars 96 forks source link

issue with broctl.service when deploying #268

Closed nayra42 closed 6 years ago

nayra42 commented 6 years ago

I have played around with rocknsm a few different times, this time i went to deploy in my lab and I started seeing a new error. I am not sure why i am getting this or what I need to do.

fatal: [simplerockbuild.simplerock.lan]: FAILED! => {"changed": false, "msg": "Unable to start service broctl: Job for broctl.service failed because the control process exited with error code. See \"systemctl status broctl.service\" and \"journalctl -xe\" for details.\n"}

here is the journalctl output:

-- Unit broctl.service has begun starting up. Jun 28 21:26:21 simplerockbuild.simplerock.lan broctl[4811]: checking configurations ... Jun 28 21:26:21 simplerockbuild.simplerock.lan broctl[4811]: logger scripts failed. Jun 28 21:26:21 simplerockbuild.simplerock.lan broctl[4811]: error in /opt/bro/share/bro/site/scripts/rock/plugins/kafka.bro, line 25: unknown identifier Kafka::logs_to_send, at or near "Kaf Jun 28 21:26:21 simplerockbuild.simplerock.lan broctl[4811]: manager scripts failed. Jun 28 21:26:21 simplerockbuild.simplerock.lan broctl[4811]: error in /opt/bro/share/bro/site/scripts/rock/plugins/kafka.bro, line 25: unknown identifier Kafka::logs_to_send, at or near "Kaf Jun 28 21:26:21 simplerockbuild.simplerock.lan broctl[4811]: proxy-1 scripts failed. Jun 28 21:26:21 simplerockbuild.simplerock.lan broctl[4811]: error in /opt/bro/share/bro/site/scripts/rock/plugins/kafka.bro, line 25: unknown identifier Kafka::logs_to_send, at or near "Kaf Jun 28 21:26:21 simplerockbuild.simplerock.lan broctl[4811]: ens224-1 scripts failed. Jun 28 21:26:21 simplerockbuild.simplerock.lan broctl[4811]: error in /opt/bro/share/bro/site/scripts/rock/plugins/kafka.bro, line 25: unknown identifier Kafka::logs_to_send, at or near "Kaf Jun 28 21:26:21 simplerockbuild.simplerock.lan systemd[1]: broctl.service: control process exited, code=exited status=1 Jun 28 21:26:21 simplerockbuild.simplerock.lan systemd[1]: Failed to start Bro Network Intrusion Detection System (NIDS). -- Subject: Unit broctl.service has failed

jeffgeiger commented 6 years ago

This is/was an issue with conflicts between EPEL's librdkafka and the one the bro kafka writer was compiled against. This is fixed in the devel branch, which should be getting merged soon. @nayra42 - lemme know if you'd like a download link to the beta 2.1 ISO

nayra42 commented 6 years ago

Hello @jeffgeiger I would like a link to that beta ISO, unless it is close to release, then I am fine waiting. I use this in a lab environment for training/educational purposes.