After restarting Malcolm, zeek did not start #623
-
|
I customized some zeek scripts and put them in/ Under Malcolm/zeek/custom/, it can be used normally, but after restarting Malcolm, zeek cannot start and can only be started by deleting zeek's log directory. I cannot determine if it is a bug or if I am using it incorrectly Malcolm version v25.01.0
|
Beta Was this translation helpful? Give feedback.
Replies: 3 comments
-
|
Running In the host on which Malcolm is running, if Malcolm is deployed using To see what's wrong, I'd recommend you start Malcolm and let it come back up, then run |
Beta Was this translation helpful? Give feedback.
-
|
Yes, you're right. I started it correctly in this way. During use, it was found that if the zeekctrl install, start, and stop scripts are executed in the zeek live container, there is a probability of causing startup failure. This is due to file permission issues that result in the failure to delete the installdinstalled scripts do not touch or logger folder, leading to startup failure. |
Beta Was this translation helpful? Give feedback.
Running
zeekctldirectly inside Malcolm's Zeek containers isn't advised, as there is some other setup that needs to happen for things to get put in the right place prior to that starting up. Instead, we have some scripting that can do that for you. See the documentation here.In the host on which Malcolm is running, if Malcolm is deployed using
docker compose, you can restart the zeek services withdocker compose exec zeek-live supervisorctl restart live-zeek, or, by getting a shell into the container and just runningsupervisorctl restart live-zeek.To see what's wrong, I'd recommend you start Malcolm and let it come back up, then run
./scripts/logs -s zeek-liveand share the output here…