[Bro-Dev] broctl process tracking problems

Will baxterw3232 at gmail.com
Fri Feb 17 10:23:35 PST 2012 

I had the same issue a time or two.  Running 'broctl ps.bro' right after
'broctl status' has become part of my new ritual before stopping/starting
or just restarting any of my clusters.

Will
On Feb 17, 2012 12:08 PM, "Aashish Sharma" <asharma at lbl.gov> wrote:

> Yes. Incidently, I had same issue 3 days back. broctl analysis scan
> showed scan was disabled but cluster was still dropping host on scan.
>
> So I started looking at broctl status which said cluster not running
> while tail -f conn.log was growing.
>
> Ended up kill -s 9 on all bro worker nodes and restart with broctl.
> After which it has been fine. I was quite unusual.
>
> Aashish
>
> On Fri, Feb 17, 2012 at 12:00:28PM -0500, Seth Hall wrote:
> > Has anyone else ever had trouble with broctl getting confused about the
> status of a process?  I just ran into it a little bit ago where broctl
> thought that all of my workers were dead when I tried to do a restart
> command.  They failed when they were trying to start again because with the
> myricom sniffer drivers you can only sniff the interface once.
> >
> > We need to do some debugging on this, but it happens sporadically enough
> that it might be tough.  I sort of wonder if there are issues with
> broctl.dat being written, I've run into problems in that file before where
> things wouldn't be written right.  Would it make sense to maybe even move
> away from broctl.dat (which tracks cluster state) and toward something like
> an SQLite database?
> >
> >   .Seth
> >
> > --
> > Seth Hall
> > International Computer Science Institute
> > (Bro) because everyone has a network
> > http://www.bro-ids.org/
> >
> >
> > _______________________________________________
> > bro-dev mailing list
> > bro-dev at bro-ids.org
> > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
>
> --
> Aashish Sharma  (asharma at lbl.gov)
> Cyber Security, Information Technology Division
> Lawrence Berkeley National Laboratory
> http://www.lbl.gov/cyber/pgp-aashish.txt
> Office: (510)-495-2680  Cell: (510)-457-1525
>
> _______________________________________________
> bro-dev mailing list
> bro-dev at bro-ids.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20120217/0e1f7d18/attachment.html

More information about the bro-dev mailing list