Zeek error unpacking configuration

I am trying to configure the seek module and keep getting this error when I
run sudo filebeat setup
Exiting: 1 error: error unpacking module config: error creating config from fileset zeek/rfb: error unpacking configuration
When I run journalctl -u filebeat.service I get
ERROR instance/beat.go:933 Exiting: Fileset zeek/signatures is configured but doesn't exist

I solved my problem, I had a misspelled word in my zeek.yml and I needed to change my log directory from /var/log/zeek/ to /var/log/bro/current/

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.