Error Hint
stderr.log fatal error: problem with interface eth0 (pcap_error: socket: Operation not permitted (pcap_active))
Information
Once that installation is done, I need to configure Zeek to convert the Zeek logs into JSON format.
First, stop Zeek from running with zeekctl stop
And add @load policy/tuning/json-logs.zeek at local.zeek file
$ sudo vim /opt/zeek/share/zeek/site/local.zeek
@load policy/tuning/json-logs.zeek
Now, started again
See that! it started with error message just like Zeek has not configured well.
Not solved!
Still can’t solve this error, because my VM is expired. But, somewhen I will try explore zeek again. I don’t know exactly :v