[Bro] Possible Bro Cluster communication issue?
gary at doit.wisc.edu
Thu Nov 14 21:20:48 PST 2013
Both hosts are running host based FWs, but disabling them doesn't appear
to make a difference in the behavior. I can ssh between hosts just fine
as the bro user with key-based auth and broctl seems to open an ssh
session per worker between the two hosts that appear stay established
throughout just fine. Does all the communication happen over those ssh
sessions or are there other types of connections happening between
master/proxy and worker?
On 11/14/2013 10:36 PM, Daniel Thayer wrote:
> On 11/14/2013 10:26 PM, Gary Faulkner wrote:
>> Another Bro newbie here. Having an odd issue getting my bro 2.2
>> (release) cluster working properly. I have 2 physical hosts. The first
>> host is running the manager, proxy, and some workers, and the second
>> host is running several workers. After running broctl install and broctl
>> start the workers spin up on both hosts, however, the workers on host 2
>> don't seem to be reliably reporting back to the master or connecting to
>> the proxy.
>> I confirmed that the processes were running on both hosts and that ssh
>> sessions were established between the two hosts, but a broctl status
>> only showed peers for workers on the same host as the manager, fewer
>> peers than expected for the proxy (about as many as were on host1), and
>> broctl netstat didn't return any results for the workers on the second
>> At some point the proxy crashed on my first run, and upon restarting
>> everything I had the same results minus the proxy crash. Interestingly
>> enough broctl capstats did return results for both hosts showing a
>> relatively even workload of about 3Gbps each. Also, I didn't find any
>> logs other than stderr and stdout on the second host in /bro/log or
>> /bro/spool. Any thoughts?
> Did you check if a there's a firewall running on either host?
> If so, you could try turning it off temporarily to see if that resolves
> the problem.
Office of Campus Information Security
More information about the Bro