Thanks Eric. But I have tried to remove bro-doctor entry in packages.zeek but without luck. Same error. On the other hand, I have af_packet plugin installed and “zeekctl deploy” only returns error with bro-doctor …. From: Eric Ooi <ericooi(a)gmail.com> Date: Friday, 31 July 2020 at 15:34 To: Carlos Lopez <clopmz(a)outlook.com>om>, "zeek(a)lists.zeek.org" <zeek(a)lists.zeek.org> Subject: Re: Error with bro-doctor package with 3.0.8 release I noticed this error with the af_packet plugin. Looked like zkg added it in to my packages.zeek file where it wasn’t there before (I compared it to another install I hadn’t upgraded yet). When I removed the entry and redeployed, it worked fine. - Eric ericooi.com ________________________________ From: Carlos Lopez <clopmz(a)outlook.com> Sent: Friday, July 31, 2020 8:26:28 AM To: zeek(a)lists.zeek.org <zeek(a)lists.zeek.org> Subject: [Zeek] Error with bro-doctor package with 3.0.8 release Hi all. After update my Zeek 3.0.7 cluster to 3.0.8, when I try to make “zeekctl deploy” the following error is returned: checking configurations ... logger scripts failed. fatal error in /opt/zeek/share/zeek/site/packages/__load__.zeek, line 4: can't find ./bro-doctor manager scripts failed. fatal error in /opt/zeek/share/zeek/site/packages/__load__.zeek, line 4: can't find ./bro-doctor proxy scripts failed. fatal error in /opt/zeek/share/zeek/site/packages/__load__.zeek, line 4: can't find ./bro-doctor idps-prod-dmz scripts failed. fatal error in /opt/zeek/share/zeek/site/packages/__load__.zeek, line 4: can't find ./bro-doctor This error seems to be for 3.0.8, because in 3.0.7 works without problems. Comparing packages.zeek file between 3.0.7 and 3.0.8, there is one difference: 3.0.8: # WARNING: This file is managed by zkg. # Do not make direct modifications here. @load ./add-node-names @load ./bro-doctor @load ./dovehawk @load ./hassh @load ./ja3 @load ./zeek-af_packet-plugin @load ./zeek-community-id 3.0.7: # WARNING: This file is managed by zkg. # Do not make direct modifications here. @load ./add-node-names @load ./dovehawk @load ./hassh @load ./ja3 @load ./zeek-af_packet-plugin @load ./zeek-community-id As you can see there is no an entry for bro-doctor … And it makes sense … In zeek 3.1.4 packages.zeek is configured as in 3.0.7 … Any idea? Regards, C. L. Martinez

Thanks Eric. Yes. Installing without bro-doctor, there is no error … From: Eric Ooi &lt;ericooi(a)gmail.com&gt; Date: Friday, 31 July 2020 at 16:24 To: Carlos Lopez &lt;clopmz(a)outlook.com&gt; Cc: &quot;zeek(a)lists.zeek.org&quot; &lt;zeek(a)lists.zeek.org&gt; Subject: Re: Error with bro-doctor package with 3.0.8 release Weird. I also noticed that af-packet is placed back into my /opt/zeek/share/zeek/site/packages/__load__.zeek file if I run a zkg refresh. But if I stop and try to deploy again with that entry reloaded, I again see the "fatal error in /opt/zeek/share/zeek/site/packages/__load__.zeek, line 10: can't find ./zeek-af_packet-plugin.” Removing it again results in a successful deploy. For reference I’m using zkg 2.2.0. I haven’t used bro-doctor so I can’t speak specifically to it, only that the issue seems similar. For testing purposes, have you tried uninstalling bro-doctor and seeing if you can deploy Zeek? On Jul 31, 2020, at 9:14 AM, Carlos Lopez <clopmz@outlook.com<mailto:clopmz@outlook.com>> wrote: Thanks Eric. But I have tried to remove bro-doctor entry in packages.zeek but without luck. Same error. On the other hand, I have af_packet plugin installed and “zeekctl deploy” only returns error with bro-doctor …. From: Eric Ooi <ericooi@gmail.com<mailto:ericooi@gmail.com>> Date: Friday, 31 July 2020 at 15:34 To: Carlos Lopez <clopmz@outlook.com<mailto:clopmz@outlook.com>>, "zeek@lists.zeek.org<mailto:zeek@lists.zeek.org>" <zeek@lists.zeek.org<mailto:zeek@lists.zeek.org>> Subject: Re: Error with bro-doctor package with 3.0.8 release I noticed this error with the af_packet plugin. Looked like zkg added it in to my packages.zeek file where it wasn’t there before (I compared it to another install I hadn’t upgraded yet). When I removed the entry and redeployed, it worked fine. - Eric ericooi.com<http://ericooi.com> ________________________________ From: Carlos Lopez <clopmz@outlook.com<mailto:clopmz@outlook.com>> Sent: Friday, July 31, 2020 8:26:28 AM To: zeek@lists.zeek.org<mailto:zeek@lists.zeek.org> <zeek@lists.zeek.org<mailto:zeek@lists.zeek.org>> Subject: [Zeek] Error with bro-doctor package with 3.0.8 release Hi all. After update my Zeek 3.0.7 cluster to 3.0.8, when I try to make “zeekctl deploy” the following error is returned: checking configurations ... logger scripts failed. fatal error in /opt/zeek/share/zeek/site/packages/__load__.zeek, line 4: can't find ./bro-doctor manager scripts failed. fatal error in /opt/zeek/share/zeek/site/packages/__load__.zeek, line 4: can't find ./bro-doctor proxy scripts failed. fatal error in /opt/zeek/share/zeek/site/packages/__load__.zeek, line 4: can't find ./bro-doctor idps-prod-dmz scripts failed. fatal error in /opt/zeek/share/zeek/site/packages/__load__.zeek, line 4: can't find ./bro-doctor This error seems to be for 3.0.8, because in 3.0.7 works without problems. Comparing packages.zeek file between 3.0.7 and 3.0.8, there is one difference: 3.0.8: # WARNING: This file is managed by zkg. # Do not make direct modifications here. @load ./add-node-names @load ./bro-doctor @load ./dovehawk @load ./hassh @load ./ja3 @load ./zeek-af_packet-plugin @load ./zeek-community-id 3.0.7: # WARNING: This file is managed by zkg. # Do not make direct modifications here. @load ./add-node-names @load ./dovehawk @load ./hassh @load ./ja3 @load ./zeek-af_packet-plugin @load ./zeek-community-id As you can see there is no an entry for bro-doctor … And it makes sense … In zeek 3.1.4 packages.zeek is configured as in 3.0.7 … Any idea? Regards, C. L. Martinez