FreeBSD: zeek module on beats

Miroslav Lachman 000.fbsd at quip.cz
Thu Dec 5 17:10:03 UTC 2019


Davide Robusto wrote on 2019/12/05 16:42:
> Hi Juraj
> 
> Thanks for the quick response.
> 
> I understand that it will not be released immediately; in this regard I have
> two questions:
> 
> 1. Could you give me the instructions to be able to create the ports
> of the version of "beats-7.x" for FreeBSD starting from the port of the
> version 6.8.5, adding all the beats family programs updated to the 7.x
> version? I’m sure I will also need to modify the Makefile and the pkg-plist
> for that.
> 
> 2. Using the version of filebeat8.0 (master branch), can it be
> installed with a custom path on FreeBSD 12.0?
> 
> 
> Best regards
> 
> Davide Robusto
> 
> On Thu, 5 Dec 2019 at 13:44, Juraj Lutter <juraj at lutter.sk> wrote:
> 
>> Hi,
>>
>> not sure what you want to achieve, but:
>>
>> The sysutils/beats is already at version 6.8.5.
>> For zeek, there already is security/zeek created.
>>
>> However, zeek module is only supported in beats 7.x (as part of whole ES7
>> stack).
>>
>> We currently do not have ES7 stack in ports, but if nothing serious happens,
>> I will spend some time on getting ES7 ports polished, tested and committed.
>>
>> Hope this helped.
>>
>> Juraj Lutter
>> URL:  http://www.wilbury.sk/
>> XMPP: juraj at lutter.sk
>> Do not hesitate to inquire about professional services!
>>
>>> On 5 Dec 2019, at 12:27, Davide Robusto <daviderobusto at gmail.com> wrote:
>>>
>>> Hello, my name is Davide.
>>>
>>> I’m trying to install the ELK stack on FreeBSD but I have some problems.
>>>
>>> In particular, my problems concern “Beats” and its version on FreeBSD.
>>>
>>> I read on the web that the ports’ last released version of “Beats” is
>>> 6.8.5, but in this one the module “Zeek” is not supported, so I ask you if
>>> it’s possible to explain to me how I can make an upgraded version of the
>>> ports starting from the 6.8.5.
>>>
>>> My attempt was a bit forceful because I downloaded the last version of
>>> “Beats”, I built all files (like filebeat, metricbeat etc. with the command
>>> gmake) but after that I don't like too much to move the binary file into the
>>> installation location of (for example) beats-6.8.5.
>>>
>>> Could you explain how to create the “ports for beats-6.8.5”, please?
>>>
>>> I hope that the problem’s resolution can be helpful to the community of
>>> FreeBSD and also help you guys to release a new version of “beats” on
>>> FreeBSD.

Some of the ELK7 ports have an assigned PR with patches to upgrade to the 7.x
version. You can look at
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237372

If you want to try something yourself, you'd better start with the Porter's Handbook:
https://www.freebsd.org/doc/en/books/porters-handbook/index.html

Miroslav Lachman


