Make zeek metrics port configurable #668
Closed
Thanks for the commit, we'll get it merged in.
mmguero
added a commit
to mmguero-dev/Malcolm
that referenced
this pull request
May 12, 2025
…g linux environment and tweak zeekdeploy.sh so it only adds the directive for the port if it doesn't already exist (otherwise it just substitutes the value in)
This was referenced May 14, 2025
Merged
Your commit was cherry-picked in downstream in a development fork and then merged as part of #674. Thank you for the contribution!
piercema
added a commit
to piercema/Malcolm
that referenced
this pull request
May 30, 2025
* bump version for v25.05.0 development
* going to do a v25.04.1 release for the arkime v5.6.4 patch
* bump Arkime to v5.6.4
* auth_setup tweak
* bump development to v25.05.0
* work in progress for cisagov#661, incorporate ROC Plus
* work in progress for cisagov#661, incorporate ROC Plus
* work in progress for cisagov#661, incorporate ROC Plus
* bump yq to v4.45.2
* bump NetBox to v4.3.0
* Revert "bump NetBox to v4.3.0" This reverts commit c11a918.
* justfile for easy/quick configuration
* work in progress for cisagov#661, incorporate ROC Plus
* tweaks to control script
* handle uploads better from a cURL post
* justfile convenience
* work in progress for cisagov#661, incorporate ROC Plus
* work in progress for cisagov#661, incorporate ROC Plus
* adjust justfile
* fix image pulling for arm64 ami
* use quiet startup in reset and autopopulate script
* fix readonly conf
* bump opensearch and dashboards to v3.0.0 (EXPERIMENTAL, NEED TO VET)
* Revert "bump opensearch and dashboards to v3.0.0 (EXPERIMENTAL, NEED TO VET)" This reverts commit 2ee8081.
* adjustment for roc+ now that filenames/paths are handled better (see cisagov/icsnpp-roc-plus#2, cisagov/icsnpp-roc-plus#1, cisagov/icsnpp-roc-plus#3)
* simplify AWS eks instructions
* eks auto mode documentation
* adjust justfile
* justfile adjustments
* wip on aws
* Status
* aws doc update
* fix example yml
* cisagov#667, race condition in suricata offline container between pcap processing and suricata socket
* aws documentation
* aws documentation
* update graphics/slides
* bump yq to 4.45.2
* initialdelayseconds tweaks for dashboards/netbox
* remove fargate instructions from AWS documentation
* adjust sizing
* update ingress version
* for cisagov#670, fix autopopulation prefixes regression
* bump YQ version
* Make zeek metrics port configurable
* related to cisagov#668, added ZEEK_METRICS_PORT to config for hedgehog linux environment and tweak zeekdeploy.sh so it only adds the directive for the port if it doesn't already exist (otherwise it just substitutes the value in)
* CheckPersistentStorageDefs should allow for default or specified namespace
* tweak to justfile
* bump Zeek to v7.2.0 (spicy v1.13.0)
* PVs in K8s are not namespaced, removed ignored namespace value
* temporarily switch to profinet-io-cm to my development fork
* Added file to build dir
* added some command-line tools for convenience
* added some command-line tools for convenience
* only set queryExtraIndices if it's not using the defaults
* only set queryExtraIndices if it's not using the defaults
* aliases
* add option to disable roc_plus via environment variable
* added eza
* terminal updates
* update fluent-bit to v4.0.2
---------
Co-authored-by: Seth Grover <[email protected]>
Co-authored-by: Matt Eaton <[email protected]>
piercema
added a commit
to piercema/Malcolm
that referenced
this pull request
Jun 23, 2025
🗣 Description
Allow zeek MetricsPort to be set via environment variable.
💭 Motivation and context
The default port used for metrics might fail if it's already in use.
Attached patch will provide a way to set MetricsPort via env.
🧪 Testing
Bind a port (nc -l -p 9993 &), start zeek with live capture, will fail using default port.
✅ Pre-approval checklist
to reflect the changes in this PR.
✅ Pre-merge checklist
✅ Post-merge checklist
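The referenced commit message describes an add-or-substitute rule for the port directive: add it only if it is not already present, otherwise substitute the value. The sketch below is an added example of that rule, not Malcolm's zeekdeploy.sh (which this page does not show), and it also validates the environment-supplied value before it reaches the config file. The function names, the `MetricsPort = N` line format and the config file argument are assumptions.

```shell
#!/bin/sh
# Added example, not the project's zeekdeploy.sh. set_metrics_port and the
# "MetricsPort = N" line format are assumptions made for illustration.

# valid_port PORT: succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# set_metrics_port CONFIG_FILE PORT
# Substitutes the value of an existing MetricsPort directive, or appends the
# directive when the file has none. Running it twice never duplicates the line.
set_metrics_port() {
    cfg=$1
    port=$2
    # Validate before use: the value is interpolated into a sed program below,
    # so anything but digits must be rejected here.
    valid_port "$port" || { echo "invalid metrics port: $port" >&2; return 2; }
    [ -f "$cfg" ] || { echo "no such config file: $cfg" >&2; return 3; }

    if grep -Eq '^[[:space:]]*MetricsPort[[:space:]]*=' "$cfg"; then
        tmp=$(mktemp) || return 4
        sed -E "s/^([[:space:]]*MetricsPort[[:space:]]*=).*/\\1 ${port}/" \
            "$cfg" > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps owner and mode
        rc=$?
        rm -f "$tmp"
        return "$rc"
    fi
    # Directive absent: end the last line first if it lacks a newline.
    if [ -n "$(tail -c 1 "$cfg")" ]; then
        echo >> "$cfg"
    fi
    printf 'MetricsPort = %s\n' "$port" >> "$cfg"
}

# Usage with the environment variable named on this page:
# set_metrics_port /path/to/config "$ZEEK_METRICS_PORT"
```

A commented-out `#MetricsPort` line is not treated as an existing directive, so the active directive is appended after it.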