[Bro] log streams in a bro cluster
Azoff, Justin S
jazoff at illinois.edu
Wed Jun 8 05:36:14 PDT 2016
> On Jun 8, 2016, at 4:43 AM, Luis Martin Liras <martin.liras at gmail.com> wrote:
> Hi all,
> I need some help with the logs generated by a Bro Cluster:
> I have 5 bro scripts that run in all workers of my cluster
> infrastructure. All of them work OK, sending notices to the manager and
> all the staff, but one of them should create a LOG stream (warnings.log)
> that I can't find anywhere:
> Log::create_stream(umas::WARN, [$columns=warn_info,$path="warnings"]);
> If I run my script in a single bro installation, all logs and notices
> seem to work, but I need it working in a cluster infrastructure.
> I expected this Log stream to be sent to the 'logs' directory in the
> manager, but that log file is not there. Only standard log files
> (dns.log, http.log, stdout.log, etc) are copied to the 'logs' directory.
> This warnings.log file does not appear anywhere in the worker either, and
> no error log file is shown, so... I'm lost.
> If anyone can shed some light on this, I would appreciate it.
When are you writing to that log? Just creating the log stream doesn't create the file until you do a
> The other problem I have is the following: My script should open a
> config file. In a single machine infrastructure this config file is in
> the same directory as the scripts, and everything works fine. The file is
> opened and read. However in a cluster infrastructure the file is not
> opened in the workers. I find that the file is copied by broctl to the
> worker BUT it is not read when the bro script is running. Anyone can
> tell me what I'm doing wrong or where should I locate that file in the
> Thank you for any help!!
How are you loading the configuration file?
You should be using something like
local config_path = fmt("%s/my-config.something", @DIR);
otherwise a relative or absolute path may not be what you expect.
- Justin Azoff
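
Added example, not part of the original message and not code from the poster or the Bro project: a minimal module that combines the stream creation from the question with the @DIR path from the reply. A log file only appears once a record is written to the stream with Log::write; the fields of warn_info and the connection_established trigger are assumptions chosen for illustration.

```bro
module umas;

export {
    # Adds umas::WARN to the set of known log stream IDs.
    redef enum Log::ID += { WARN };

    # Assumed columns; only fields marked &log are written to the file.
    type warn_info: record {
        ts:  time   &log;
        msg: string &log;
    };
}

event bro_init()
    {
    # Registers the stream. No warnings.log exists yet at this point.
    Log::create_stream(umas::WARN, [$columns=warn_info, $path="warnings"]);

    # @DIR expands to the directory that holds this script on the node
    # running it, so the path is the same kind of location on a
    # standalone install and on a cluster worker.
    local config_path = fmt("%s/my-config.something", @DIR);
    print fmt("umas: config file expected at %s", config_path);
    }

# Assumed trigger: any event handler that runs on the workers will do.
event connection_established(c: connection)
    {
    local rec: warn_info = [$ts=network_time(),
                            $msg=fmt("connection from %s", c$id$orig_h)];

    # The first write is what makes warnings.log appear. In a cluster the
    # workers forward the record to the manager, which writes the file.
    Log::write(umas::WARN, rec);
    }
```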