I have some issues with the zeek software. After the network interface eth0 gets restarted the zeekctl goes crashed. Is there any way of restart the zeekctl process automatically after a network interface gets restarted? Thanks in advance.
tail -f /opt/zeek/logs/current/reporter.log
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path reporter
#open 2021-10-16-23-26-34
#fields ts level message location
#types time enum string string
1634441194.496057 Reporter::ERROR failed to read a packet from eth0: The interface went down (empty)
zeekctlis management software for Zeek, so when Zeek crashes, you can normally usezeekctlto diagnose that fact and restart nodes as needed.Failure to read from a device that was previously running shouldn't cause Zeek to exit, so make sure that this is what actually happened. The reporter.log message you're showing only indicates that Zeek noticed that the interface went away.
You can use
zeekctl start <node>orzeekctl restart <node>to start/restart a particular node in your cluster.