This repository has been archived by the owner on Jan 21, 2023. It is now read-only.

Zeek container start errors #33

Open
sephirothac opened this issue May 12, 2022 · 1 comment

sephirothac commented May 12, 2022

Hello,

Thank you for your work. After following your instructions for deploying Zeek with the docker-compose file, the Zeek container starts and then stops after errors. The log of the Zeek container is below.

Thanks for your help.

$ git clone --depth 1 https://github.com/blacktop/docker-zeek.git
$ cd docker-zeek
$ docker-compose -f docker-compose.elastic.yml up -d kibana
wait a few minutes for "kibana" to start
$ docker-compose -f docker-compose.elastic.yml up -d filebeat
$ docker-compose -f docker-compose.elastic.yml up zeek
wait a little while for filebeat to consume all the logs
$ open http://localhost:5601/app/kibana

zeek_1
1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 39: no such index (Notice::tmp_notice_storage[Notice::uid])
1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 39: no such index (Notice::tmp_notice_storage[Notice::uid])
1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 39: no such index (Notice::tmp_notice_storage[Notice::uid])
1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 49: no such index (Notice::tmp_notice_storage[Notice::uid])
1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 49: no such index (Notice::tmp_notice_storage[Notice::uid])
1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 49: no such index (Notice::tmp_notice_storage[Notice::uid])
1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 39: no such index (Notice::tmp_notice_storage[Notice::uid])
1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 39: no such index (Notice::tmp_notice_storage[Notice::uid])
1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 39: no such index (Notice::tmp_notice_storage[Notice::uid])
1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 49: no such index (Notice::tmp_notice_storage[Notice::uid])
1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 49: no such index (Notice::tmp_notice_storage[Notice::uid])
1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 39: no such index (Notice::tmp_notice_storage[Notice::uid])

@sephirothac

Hello,

I tried to get your image directly from Docker Hub, but I still have the same problem. Thanks for your help.

docker-compose -f docker-compose.elastic.yml up zeek

Pulling zeek (blacktop/zeek:latest)...
latest: Pulling from blacktop/zeek
97518928ae5f: Already exists
eccef9b8d28a: Pull complete
2408ee44052f: Pull complete
a3f50806a8d9: Pull complete
25c71345e8f9: Pull complete
2b35999d9148: Pull complete
c4d2d5050818: Pull complete
Digest: sha256:5e90a86baaabae56127671d1b9dd5ed8c9f2ad9df108f14218ae85657efde5be
Status: Downloaded newer image for blacktop/zeek:latest
zeek-dm-01_elasticsearch_1 is up-to-date
zeek-dm-01_kibana_1 is up-to-date
zeek-dm-01_filebeat_1 is up-to-date
Recreating zeek-dm-01_zeek_1 ... done
Attaching to zeek-dm-01_zeek_1
zeek_1 | 1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 49: no such index (Notice::tmp_notice_storage[Notice::uid])
zeek_1 | 1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 49: no such index (Notice::tmp_notice_storage[Notice::uid])
zeek_1 | 1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 39: no such index (Notice::tmp_notice_storage[Notice::uid])
zeek_1 | 1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 39: no such index (Notice::tmp_notice_storage[Notice::uid])
zeek_1 | 1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 49: no such index (Notice::tmp_notice_storage[Notice::uid])
zeek_1 | 1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 49: no such index (Notice::tmp_notice_storage[Notice::uid])
zeek_1 | 1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 39: no such index (Notice::tmp_notice_storage[Notice::uid])
zeek_1 | 1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 39: no such index (Notice::tmp_notice_storage[Notice::uid])
zeek_1 | 1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 39: no such index (Notice::tmp_notice_storage[Notice::uid])
zeek_1 | 1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 49: no such index (Notice::tmp_notice_storage[Notice::uid])
zeek_1 | 1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 49: no such index (Notice::tmp_notice_storage[Notice::uid])
zeek_1 | 1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 39: no such index (Notice::tmp_notice_storage[Notice::uid])
zeek_1 | 1295981840.989753 expression error in /usr/local/zeek/share/zeek/policy/frameworks/notice/extend-email/hostnames.zeek, line 49: no such index (Notice::tmp_notice_storage[Notice::uid])
zeek-dm-01_zeek_1 exited with code 0
