[Bro-Dev] broctl process tracking problems
baxterw3232 at gmail.com
Fri Feb 17 10:23:35 PST 2012
I had the same issue a time or two. Running 'broctl ps.bro' right after
'broctl status' has become part of my new ritual before stopping/starting
or just restarting any of my clusters.
On Feb 17, 2012 12:08 PM, "Aashish Sharma" <asharma at lbl.gov> wrote:
> Yes. Incidently, I had same issue 3 days back. broctl analysis scan
> showed scan was disabled but cluster was still dropping host on scan.
> So I started looking at broctl status which said cluster not running
> while tail -f conn.log was growing.
> Ended up kill -s 9 on all bro worker nodes and restart with broctl.
> After which it has been fine. I was quite unusual.
> On Fri, Feb 17, 2012 at 12:00:28PM -0500, Seth Hall wrote:
> > Has anyone else ever had trouble with broctl getting confused about the
> status of a process? I just ran into it a little bit ago where broctl
> thought that all of my workers were dead when I tried to do a restart
> command. They failed when they were trying to start again because with the
> myricom sniffer drivers you can only sniff the interface once.
> > We need to do some debugging on this, but it happens sporadically enough
> that it might be tough. I sort of wonder if there are issues with
> broctl.dat being written, I've run into problems in that file before where
> things wouldn't be written right. Would it make sense to maybe even move
> away from broctl.dat (which tracks cluster state) and toward something like
> an SQLite database?
> > .Seth
> > --
> > Seth Hall
> > International Computer Science Institute
> > (Bro) because everyone has a network
> > http://www.bro-ids.org/
> > _______________________________________________
> > bro-dev mailing list
> > bro-dev at bro-ids.org
> > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
> Aashish Sharma (asharma at lbl.gov)
> Cyber Security, Information Technology Division
> Lawrence Berkeley National Laboratory
> Office: (510)-495-2680 Cell: (510)-457-1525
> bro-dev mailing list
> bro-dev at bro-ids.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bro-dev