Enabling the broctl fails the build about docker-zeek HOT 10 CLOSED

seems like you need to add bash to the apk add --no-cache line, Alpine by default only ships with /bin/sh to keep it as small as possible.

from docker-zeek.

please let me know if you get it working, I don't use broctl, but have always wanted to allow for clustered deployments

from docker-zeek.

I got the broctl to run (with bro 2.5). I had to install python inside the container. The logs are being generated and captured, but broctl reports the status as crashed. The same thing happened with another docker bro image based on Alpine. Is it an Alpine issue?

from docker-zeek.

Have you seen it work on a ubuntu based docker image?

from docker-zeek.

Can you give me more info on how you are running it? Are you trying it as a cluster? Or just as a single node?

from docker-zeek.

I am running as a single node. I am running the image as follows:
docker run -d --net=host blacktop/docker-bro -i ens33 -C
docker exec -it /bin/bash
I ran broctl from bash in the container. The status shows as crashed.
The same thing happened with dpisano/docker-bro which is also alpine based. Broctl reports status as crashed, but the logs are being generated and the bro process is running.
However, broctl reports correctly on the image I built based on Ubuntu. But the size of the image I built is unwieldly big. Trying to optimize that size.

from docker-zeek.

Did you ever figure this out?

from docker-zeek.

Also can you try again with this image because I know the Zeek team has been making a LOT of updates to master

from docker-zeek.

I think this is because I compile WITHOUT broctl by default --disable-broctl \

this is to make the default zeek image as small as possible.

from docker-zeek.

I am adding a 🆕 flavor called broctl that should do what you want.

from docker-zeek.