search

zeek / zeek-docker

Docker files for building Zeek.
86 stars 34 forks source link

Issue with zeekctl #19

Open priyanka18492 opened 4 years ago

priyanka18492 commented 4 years ago

Hey, I am trying to run zeekctl to deploy a new configuration.. but I get the following error .Please help me out

Traceback (most recent call last): File "./zeekctl", line 13, in from ZeekControl.zeekctl import ZeekCtl, ZeekControlError, CommandSyntaxError File "/usr/local/zeek-3.0.0/lib/zeekctl/ZeekControl/zeekctl.py", line 8, in from ZeekControl import lock File "/usr/local/zeek-3.0.0/lib/zeekctl/ZeekControl/lock.py", line 4, in from ZeekControl import config File "/usr/local/zeek-3.0.0/lib/zeekctl/ZeekControl/config.py", line 9, in from ZeekControl import py3zeek File "/usr/local/zeek-3.0.0/lib/zeekctl/ZeekControl/py3zeek.py", line 22, in from queue import Queue, Empty ModuleNotFoundError: No module named 'queue'

JustinAzoff commented 4 years ago

Can you share what you are trying to do using zeekctl inside of the container? I've been meaning to remove it entirely since it usually doesn't make sense in a container environment.

You don't need to use zeekctl in the container to run zeek, it can just be ran from the shell.

senorkrabs commented 3 years ago

Not sure about op, but I want to use zeekctl to manage zeek and run it as if it were a service for ongoing capture. As far as I can tell (and I don't have much experience with it) zeekctl is used to handle log rotation, paths, etc.

JustinAzoff commented 3 years ago

https://docs.zeek.org/en/current/frameworks/supervisor.html is what should be used for running zeek in a container

0xxon commented 3 years ago

Just to follow up on this with my 2 cents - we should either not include zeekctl in the container, or support it. The current state with it being inside, but not working seems unintuivite, at least :)

0xxon commented 3 years ago

Just to note - since I just went through them - this is a duplicate of #7, so this is a commonly raised problem.

JustinAzoff commented 3 years ago

yeah.. I know.. I'm torn about what to do about this. just removing the zeekctl bits would simplify the container a bit... and using zeekctl inside of a container is almost definitely a mistake.. but I could see it being useful for training purposes or something.

I just wouldn't want people to actually try to use it to do real work since zeekctl and containers really does not mix.

xhalliday commented 3 years ago

FWIW, if the python3-pip package is installed then the "queue" dependency is satisfied and zeekctl works.