[Bro] ganeti cluster with bro cluster
randy at psg.com
Sun Feb 12 23:04:40 PST 2017
[ ubuntu 16.04 on ganeti cluster ]
so i figured the config out
and i got the worker-0 node to be able to pcap its eth0 by
sudo setcap cap_net_raw,cap_net_admin=eip /usr/local/bro/bin/bro
although i ran the same on worker-1 and worker-2, they fail with
worker-2 terminated immediately after starting; check output with "diag"
worker-1 terminated immediately after starting; check output with "diag"
and the logs say
fatal error: problem with interface eth0 (pcap_error: socket: Operation not permitted (pcap_activate))
i suspected that when `broctl deploy` copies over
/usr/local/bro/bin/bro, the copies do not inherit the capabilities. but
<it failed with the pcap_error>
<did `sudo setcap cap_net_raw,cap_net_admin=eip /usr/local/bro/bin/bro` on all workers>
and the same result, pcap_error on workers 1 and 2, not on 0.
i also get
Error: error occurred while trying to send mail: send-mail: SENDMAIL-NOTFOUND not found
$ which sendmail
clue bat, please
More information about the Bro