[Bro] BROKER + CLUSTER - stuck (Mike Dopheide)

Azoff, Justin S jazoff at illinois.edu
Wed Mar 8 12:20:16 PST 2017

> On Mar 8, 2017, at 2:59 PM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
> Thanks Justin for the input!
> Yeah, you are right, tested the deploy cmd on a standalone node, and it does not hang there.
> I will test out the check.bro suggestions on the prod cluster.
> The cluster nodes use an average of ~30-35Gigs of memory (having ~125G in total)
> And the capture loss also doesn't report any loss, i.e. 0.025% etc.
> Hence thought that the nodes were doing Ok, not sure if they are getting loads of traffic and hence getting overloaded.
> Also, I have noticed that when doing a restart on the cluster, it takes longer now (in 2.5) than it used to take when running the old version (2.4.1),
> maybe the custom scripts can be the culprit, but had same scripts in the old version as well.

Ah, I should have said manager not cluster.

Check actually runs 100% on the manager.  I think the hang is due to a race condition of some sort that prevents it from exiting like it is supposed to.  It seems to only occur when the load is high, which is why deploy has an issue but stop first+check works ok.

- Justin Azoff
