[Bro] Nodes still crashing/Site specific files

Richards, James L - DOA James.Richards at wisconsin.gov
Thu Jun 13 12:04:47 PDT 2013

When I do a broctl check all nodes comeback as OK

When I do a broctl diag I get:

No gdb installed.

==== No reporter.log

==== stderr.log
/usr/local/bro/bin/bro: error while loading shared libraries: libpcap.so.0.8: cannot open shared object file: No such file or directory

==== stdout.log

==== .cmdline
-i eth4 -U .status -p broctl -p broctl-live -p local -p worker-3-8 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto

==== .env_vars

==== No .status

==== No prof.log

==== No packet_filter.log

==== No loaded_scripts.log

James Richards
Office of Security
Wisconsin Department of Administration

-----Original Message-----
From: Siwek, Jonathan Luke [mailto:jsiwek at illinois.edu] 
Sent: Thursday, June 13, 2013 1:06 PM
To: Richards, James L - DOA
Cc: bro at bro.org
Subject: Re: [Bro] Nodes still crashing/Site specific files

On Jun 13, 2013, at 11:03 AM, "Richards, James L - DOA" <James.Richards at wisconsin.gov> wrote:

> When performing a new installation, I would like to copy back my site-specific files with modifications, and it appears that some files live outside of the /usr/local/bro directory.

It can depend on how you configured/installed and on what OS, but if you're just doing a default build from source, then nothing should get installed outside /usr/local/bro.  What files did you find outside that dir?

>   Does anyone know offhand where I should look for these files.

This should be all of them:


> I have performed a new install, then copied the files from a previous working version of bro from the /usr/local/previous-bro/share/bro/site and /usr/local/previous-bro/spool/ directories to the current bro install...  but all of my nodes crash upon issuing the START command from broctl.

Copying the spool dir between installs isn't typical.  But you could use `broctl diag` to get more info about why the nodes don't start.

- Jon

More information about the Bro mailing list