[Bro] Bro crashed this morning..
fatema.bannatwala at gmail.com
Sun Oct 23 14:00:03 PDT 2016
So, it happened again, this morning around 6:55am.
Bro stopped at that time, don't really know why.
I got to know about this when I wanted to analyse traffic for a particular
IP around 11 and found out that we don't have any logs after 7am logged by
I quickly checked the status of bro on manager, and found that bro isn't
I restarted bro from manager and all but one worker came up online, and bro
started normally, running with remaining nodes in the cluster.
This has happened before, when one of the workers will become unreachable
and bro stops.
I don't really know what happens first, i.e. whether the worker becomes offline
first and then bro stops, or vice versa.
I tried looking for some errors on the workers as well as on manager in :
dir but nothing useful, only some warnings in stderr.log like following:
warning in /usr/local/bro/2.4.1/share/bro/site/connStats.bro, line 39:
dangerous assignment of double to integral (ConnStats::out$EstinboundConns
warning in /usr/local/bro/2.4.1/share/bro/site/connStats.bro, line 40:
dangerous assignment of double to integral (ConnStats::out$EstoutboundConns
listening on em1, capture length 8192 bytes
1477133753.104159 processing suspended
1477133753.104159 processing continued
1477133759.776854 Failed to open GeoIP Cityv6 database:
1477133759.776854 Failed to open GeoIPv6 Country database:
Is there anywhere else I can look also to diagnose the issue?
Is there any reason bro will stop entirely if one of the workers becomes
offline for some reason?
Or is the issue something else completely, and I am looking in completely wrong
Any help appreciated :)