13:47:07,673 INFO running command = export BRO_SEED_FILE='/opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/bro.seeds' & '/opt/bro/bin/bro' '-C' -r '/stoqdata/bro/inside.pcap' '/opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/extract-all.bro'
13:47:07,669 INFO Parsing /stoqdata/bro/inside.pcap
opt/bro/bin/bro: /opt/splunk/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /opt/bro/bin/bro)
13:11:22,099 ERROR something went wrond during Bro execution: /opt/bro/bin/bro: /opt/splunk/lib/libssl.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /opt/bro/bin/bro)
13:11:22,090 INFO running command = export BRO_SEED_FILE='/opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/bro.seeds' & '/opt/bro/bin/bro' '-C' -r '/stoqdata/bro/inside.pcap' '/opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/extract-all.bro'
13:11:22,085 INFO Parsing /stoqdata/bro/inside.pcap
usr/bin/bro: /opt/splunk/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /usr/bin/bro)
12:25:48,308 ERROR something went wrond during Bro execution: /usr/bin/bro: /opt/splunk/lib/libssl.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /usr/bin/bro)
12:25:48,298 INFO running command = export BRO_SEED_FILE='/opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/bro.seeds' & '/usr/bin/bro' '-C -r' -r '/stoqdata/bro/inside.pcap' '/opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/extract-all.bro'
12:25:48,298 INFO Parsing /stoqdata/bro/inside.pcap
EXCERPTS FROM Splunk_TA_bro.log after ingest pcap:
It's only when Splunk attempts to do it, does it fail. I am able to use the Bro binary on my own to analyze PCAP files. Then either use apt-get to install Bro or compile it from source.
$ sudo mv GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat
$ sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev
In Splunk Web > Settings > Data Inputs > PCAPS
Bro script: /opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/extract-all.bro
Bro seed file: /opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/bro.seeds
Is anyone using the Bro PCAP data input? I must have gone wrong during installation somewhere? I saw there are other similar problems, and the solution was to unset LD_LIBRARY_PATH, but I don't see how I can do that with the Bro binary file. I've also configured the local/nf, but we haven't gotten that far, so Splunk trying to run Bro errors out. The modular input seems fine, being that it sees the PCAP. So I'm confident the version of Bro I'm using is not causing this error. I get the error if I apt-get install Bro OR compile it from source. but reverted back to Bro v2.2 and still got the error. Originally, I tried with current Bro version.
These commands will require root privileges or being in a correct sudoers group.
Splunk Enterprise standalone instance (v6.6.3) on Ubuntu 16.04.
Depending on your host machine distribution, you should install libssl-dev or an equivalent package with the following commands:
These requirements are mentioned in a dedicated Kernel documentation page: Minimal requirements to compile the Kernel.
This is due to a missing OpenSSL development package, which needs to be installed on your host machine.
scripts/extract-cert.c:21:10: fatal error: openssl/bio.h: Aucun fichier ou dossier de ce type
usr/include/x86_64-linux-gnu/openssl/opensslconf.h:13:10: fatal error: openssl/opensslv.h: Aucun fichier ou dossier de ce type
In file included from /usr/include/openssl/e_os2.h:13,
Here are the build logs that are displayed when the error occurs:
While compiling the Linux kernel, some errors described below are met with the scripts/sign-file or scripts/extract-cert host compilation steps.
Compiling Linux Kernel fails looking at OpenSSL header files