[Bro] Time machine crashing

Fabian Hensel irdeto at gmail.com
Mon Dec 10 09:08:01 PST 2007


Hi all

After having resolved my last problem, I'm already facing a new one. I
am trying to set up Broccoli communication between Bro and the
Timemachine. TM and Bro are running on the same machine and I have
included the "listen-clear" and "time-machine" in my policy; in
tm.conf the bro_connect_str is configured accordingly (see the
attached files). What happens is that I can see in the remote.log that
the TM registers to TimeMachine::command and in Bro's tm.log that it
indeed sends queries over to the TM. If I then look at the TM's
logfile, I see that the query was unsuccessful (0 matches). After a
couple of mismatches it seems that some part of the TM crashes (i.e.
it still logs that it drops all the packets; no increase in CPU usage
though). The TM can then only be shut down by using kill -9. If I don't
use Broccoli at all and instead manually enter the same queries in the
console (replacing the "query feed" part with "query to_file"),
everything works fine. Does anyone have an idea what could be the
problem here? My guess is that it is something in the TM and not in Bro.

Regards - Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: remote.log
Type: application/octet-stream
Size: 3534 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20071210/ac0cea21/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tm_tm.log
Type: application/octet-stream
Size: 7401 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20071210/ac0cea21/attachment-0001.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tm.conf
Type: application/octet-stream
Size: 918 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20071210/ac0cea21/attachment-0002.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bro_tm.log
Type: application/octet-stream
Size: 1726 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20071210/ac0cea21/attachment-0003.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: poc-nf.bro
Type: application/octet-stream
Size: 419 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20071210/ac0cea21/attachment-0004.obj 

