Homebrew-installed Zeek v4.0.0 on macOS lacks GeoIP support #15
Comments
The Zeek devs confirmed they had no control over the Homebrew build, so I've taken my shot with a PR at Homebrew/homebrew-core#74498. 🤞
The issue was, indeed, addressed via Homebrew/homebrew-core#74498. Now that new bottles are available that include this fix, here's a run through setting up a Homebrew-installed Zeek with
For the Zeek artifacts we build ourselves, we've been linking against libmaxminddb so we can include the https://github.com/brimdata/geoip-conn package and hence provide some geolocation data in the Zeek logs generated from pcaps. However, part of what we're trying to achieve with Brimcap is to make it easier for users to bring their own custom Zeek/Suricata, so we're likely to provide some per-platform guidance regarding this (#14).
One problem I've noticed in this area is that the Homebrew-installed Zeek v4.0.0 currently lacks the ability to run the geoip-conn package via zkg install. It installs ok, but when run:
I bumped into this same problem a while back with the Zeek installs for Linux and managed to see it addressed via zeek/zeek#1086. I just hadn't thought to check/pursue the macOS angle at the time. I'm actually uncertain who even has influence over those Homebrew installs, so for now I've just revived a thread on the Zeek public Slack with the Devs that helped last time to see if they have a recommendation for how to proceed. If it can't be addressed in a timely manner, we can just highlight it in the guidance proposed in #14.