[Bro] Possible Bro Cluster communication issue?

Daniel Thayer dnthayer at illinois.edu
Thu Nov 14 20:36:06 PST 2013

On 11/14/2013 10:26 PM, Gary Faulkner wrote:
> Hello,
> Another Bro newbie here. Having an odd issue getting my bro 2.2
> (release) cluster working properly. I have 2 physical hosts. The first
> host is running the manager, proxy, and some workers, and the second
> host is running several workers. After running broctl install and broctl
> start the workers spin up on both hosts, however, the workers on host 2
> don't seem to be reliably reporting back to the master or connecting to
> the proxy.
> I confirmed that the processes were running on both hosts and that ssh
> sessions were established between the two hosts, but a broctl status
> only showed peers for workers on the same host as the manager, fewer
> peers than expected for the proxy (about as many as were on host1), and
> broctl netstat didn't return any results for the workers on the second
> host.
> At some point the proxy crashed on my first run, and upon restarting
> everything I had the same results minus the proxy crash. Interestingly
> enough broctl capstats did return results for both hosts showing a
> relatively even workload of about 3Gbps each. Also, I didn't find any
> logs other than stderr and stdout on the second host in /bro/log or
> /bro/spool. Any thoughts?
> Regards,

Did you check if a there's a firewall running on either host?
If so, you could try turning it off temporarily to see if that resolves 
the problem.

More information about the Bro mailing list