zeek logs after fresh install #10183

Bikesh-Yadav · 2023-04-24T10:50:18Z

Bikesh-Yadav
Apr 24, 2023

Hello,
i have installed SO 2.3.23 in my VM, while installing i have selected Zeek for logs but i didn't see any zeek logs.

outputs:

Docker image output
root@ubuntu:~# sudo docker images | grep zeek
ghcr.io/security-onion-solutions/so-zeek 2.3.230 78d8618de9dc 12 days ago 2.18GB
ubuntu:5000/security-onion-solutions/so-zeek 2.3.230 78d8618de9dc 12 days ago 2.18GB

2.mdengine output

salt-call pillar.get global:mdengine
local:
ZEEK

so-zeek-start
[ERROR ] Failure!
local:

      ID: zeek_state_not_allowed
Function: test.fail_without_changes
  Result: False
 Comment: Failure!
 Started: 10:48:38.711003
Duration: 1.109 ms
 Changes:

..
is there any changes or modifications needed to get zeek logs?

cm-ops · 2023-04-25T17:40:47Z

cm-ops
Apr 25, 2023
Maintainer

What type of node are you running so-zeek-start on? salt-call grains.get id

1 reply

Bikesh-Yadav Apr 30, 2023
Author

I am running this command: "so-zeek-start" on Managersearch node

cm-ops · 2023-05-01T17:31:40Z

cm-ops
May 1, 2023
Maintainer

Zeek is not permitted to run on a Managersearch node, you would need a node with sensor components running.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

zeek logs after fresh install #10183

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

zeek logs after fresh install #10183

Uh oh!

Bikesh-Yadav Apr 24, 2023

Replies: 2 comments · 1 reply

Uh oh!

cm-ops Apr 25, 2023 Maintainer

Uh oh!

Bikesh-Yadav Apr 30, 2023 Author

Uh oh!

cm-ops May 1, 2023 Maintainer

Bikesh-Yadav
Apr 24, 2023

Replies: 2 comments 1 reply

cm-ops
Apr 25, 2023
Maintainer

Bikesh-Yadav Apr 30, 2023
Author

cm-ops
May 1, 2023
Maintainer