Upgraded our bro instance to the latest LTS version of Zeek (3.0.13 at time of writing). We had the older version of ja3 for bro so did a one-to-one replacement of the files to be placed in the /opt/zeek/share/zeek/site/ja3 directory. We tried both the original and the installation instruction's @ load line in local.zeek (@ load ja3/ which worked for the bro version, and @ load ./ja3 per the zeek instructions). In both cases, the file permissions are exactly the same.
The error message received when we run broctl deploy is:
"fatal error in /opt/zeek/share/zeek/site/local.zeek, line 221: can't find ./ja3"
The path changes to what we originally used with the bro version of ja3/.
Also for sanity made sure there were no extraneous white spaces or anything. When I moved the older bro version of ja3 back in place, deploy was successful and the scripts worked as expected adding the fields we need.
Upgraded our bro instance to the latest LTS version of Zeek (3.0.13 at time of writing). We had the older version of ja3 for bro so did a one-to-one replacement of the files to be placed in the /opt/zeek/share/zeek/site/ja3 directory. We tried both the original and the installation instruction's @ load line in local.zeek (@ load ja3/ which worked for the bro version, and @ load ./ja3 per the zeek instructions). In both cases, the file permissions are exactly the same.
The error message received when we run broctl deploy is: "fatal error in /opt/zeek/share/zeek/site/local.zeek, line 221: can't find ./ja3"
The path changes to what we originally used with the bro version of ja3/.
Also for sanity made sure there were no extraneous white spaces or anything. When I moved the older bro version of ja3 back in place, deploy was successful and the scripts worked as expected adding the fields we need.