-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release blockers #5
Comments
I've verified using Zeek
|
The verification of the zeek/broker#316 fix cited in the last comment above was an early test but that same fix has since made it into GA Zeek v6.2.0. The fix has been verified similarly effective in the release v6.2.0-brim1 that's already in Brimcap v1.7.0 and Zui Insiders 1.6.1-33 and is expected in GA Zui release As for zeek/zeek#3534, as anticipated above, we went ahead and worked around the problem for now on Windows via #7. I'll continue to "watch" zeek/zeek#3534 in the event it should ever become fixed and, if so, would remove the workaround at that time. I also expect at some point to add some text to the Brimcap wiki to disclose some of the known bugs in analyzers that are affecting our use cases and workarounds that are in place for them, so I'll plan to reference it there as well (see brimdata/brimcap#337). With these problems resolved adequately, we're no longer tracking blockers that would hold us back from continuing to use the latest Zeek releases as they come out, with our move to Zeek v6.2.0 being evidence of this. Therefore I'm closing this issue. |
This is an issue to track Zeek issues that feel like blockers before we could release an artifact with Brimcap/Zui based on a recent Zeek such as v6.0.2.
zeek/broker#316(fixed/verified)I originally opened my own repro in zeek/zeek#3532 before being informed it was a duplicate. It's not clear to me the degree to which the problem affects the correctness of the logs produced, but since it's actively being worked on I'm keen to wait and see if it can be resolved or clarified before investing more time on it.
zeek/zeek#3534(worked around/verified)In a pinch perhaps we could just ship our artifact with the reference to that
detect-MHR
package commented out. However, for all I know the problem could ultimately be in something else the package invokes that could crop up in other contexts, so I'm keen to wait and see what the Zeek team can say about it before working around it.In terms of how things look in the interim, at a high level here's an example using a Zui Dev Build that uses Brimcap v1.6.0-alpha2 that in turn uses v6.0.2-brim2 showing what I believe to be the zeek/zeek#3534 effect bubbled up to user level.
The text was updated successfully, but these errors were encountered: