From: Miroslav Lachman <000.fbsd@quip.cz>
To: Davide Robusto
Cc: Juraj Lutter, elastic@freebsd.org
Subject: Re: FreeBSD: zeek module on beats
Date: Thu, 5 Dec 2019 18:03:57 +0100

Davide Robusto wrote on 2019/12/05 16:42:
> Hi Juraj
>
> Thanks for the quick response.
>
> I understand that it will not be released immediately; in this regard I have
> two questions:
>
> 1. Could you give me the instructions to be able to create the ports
> of the version of "beats-7.x" for FreeBSD starting from the port of the
> version 6.8.5, adding all the beats family programs updated to the 7.x
> version? I’m sure I will need to modify also the Makefile and the pkg-plist
> for that.
>
> 2. Using the version of filebeat8.0 (master branch), can it be
> installed with a custom path on FreeBSD 12.0?
>
>
> Best regards
>
> Davide Robusto
>
> On Thu, 5 Dec 2019 at 13:44, Juraj Lutter wrote:
>
>> Hi,
>>
>> not sure what you want to achieve, but:
>>
>> The sysutils/beats is already at version 6.8.5.
>> For zeek, there already is security/zeek created.
>>
>> However, zeek module is only supported in beats 7.x (as part of whole ES7
>> stack).
>>
>> We currently do not have ES7 stack in ports, but if nothing serious
>> happens, I will spend some time on getting ES7 ports polished, tested
>> and committed.
>>
>> Hope this helped.
>>
>> —
>> Juraj Lutter
>> URL: http://www.wilbury.sk/
>> XMPP: juraj@lutter.sk
>> Do not hesitate to inquire for professional services!
>>
>>> On 5 Dec 2019, at 12:27, Davide Robusto wrote:
>>>
>>> Hello, my name is Davide.
>>>
>>> I’m trying to install the ELK stack on FreeBSD but I have some problems.
>>>
>>> In particular my problem concerns “Beats” and its version on FreeBSD.
>>>
>>> I read on the web that the port’s last released version of “Beats” is
>>> 6.8.5 but in this one the module “Zeek” is not supported, so I ask you if
>>> it’s possible to explain to me how I can make an upgraded version of the
>>> ports starting from the 6.8.5.
>>>
>>> My attempt was a bit forceful because I downloaded the last version of
>>> “Beats”, I built all files (like filebeat, metricbeat etc. with the
>>> command gmake) but after that I don't like too much to move the binary
>>> file into the installation location of (for example) beats-6.8.5.
>>>
>>> Could you explain how to create the “ports for beats-6.8.5”, please?
>>>
>>> I hope that the problem’s resolution can be helpful to the community of
>>> FreeBSD and also help you guys to release a new version of “beats” on
>>> FreeBSD.

Some of the ELK7 ports have an assigned PR with patches to upgrade to the 7.x version.
You can look at https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237372

If you want to try something yourself, you had better start with the Porter's Handbook:
https://www.freebsd.org/doc/en/books/porters-handbook/index.html

Miroslav Lachman