[Bro] broctl worker-1 cluster problem

Aashish Sharma init.conf at gmail.com
Thu Aug 29 18:31:35 PDT 2013


I think when the manager is installing policies/scripts etc. on worker nodes, bro ssh'es to the worker nodes as user "bro" and not as user "jesse".

That's where you are seeing the problem.

Aashish 

On Aug 29, 2013, at 6:09 PM, jessebort at hushmail.com wrote:

> I'm a new bro user and have tried to find the answer to this, but have had no luck. I've got version 2.1 installed. I can run bro in standalone mode with no problem, but I've tried to install a bro cluster with worker-1 on a remote host/VM with the same problem. Here is what I've tried to do:
> 
> created user jesse on both manager/proxy - 192.168.43.1
>    o configured node.cfg for manager and proxy to be 192.168.43.1
>    o configured node.cfg for worker-1 to be 192.168.43.130
>    o performed ssh-keygen as user jesse
>    o copied .ssh/rsa_id.pub to 192.168.43.130 /home/jesse/.ssh/authorized_keys
>    o able to ssh as jesse from 192.168.43.1 to 192.168.43.130 with no required password/passphrase
>    o added jesse to /etc/sudoers to do everything root can
> 
> created user jesse on worker-1 192.168.43.130 (VM)
>    o changed owner of /usr/local/bro to jesse
>    o added jesse to /etc/sudoers to do everything root can
> 
> as user jesse on manager/proxy > sudo broctl
>                                 
> [BroControl] > install
> removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/site ... done.
> removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/auto ... done.
> creating policy directories ... done.
> installing site policies ... done.
> generating cluster-layout.bro ... done.
> generating local-networks.bro ... done.
> generating broctl-config.bro ... done.
> updating nodes ... warning: host 192.168.43.130 is not alive <== Not sure why I got this
> done.
> [BroControl] > install
> waiting for lock ..... ok
> removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/site ... done.
> removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/auto ... done.
> creating policy directories ... done.
> installing site policies ... done.
> generating cluster-layout.bro ... done.
> generating local-networks.bro ... done.
> generating broctl-config.bro ... done.
> updating nodes ... done.                                                  <== Able to find 192.168.43.130 next time
> [BroControl] > diag worker-1
> [worker-1]
> No work dir found
> [BroControl] > start
> starting manager ...
> starting proxy-1 ...
> starting worker-1 ...
> cannot create working directory for worker-1                         <== Issue
> cannot create working directory for [(<BroControl.node.Node instance at 0x18c14d0>, '/usr/local/bro/spool/worker-1')] <== tried to put a debug statement in control.py to see the actual directory it was having issues with 
> 
> I see nothing installed in /usr/local/bro/spool on worker-1
> 
> Thanks for any help you can give me

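One way to test the account question raised in this thread, as an added example that is not part of the original messages and is not BroControl code: it reports which local account the check runs as, attempts a key-only SSH login to the worker as a given remote user, and checks that this user can create a directory under the spool path. The names `run_remote`, `check_worker` and `SSH_BIN` are hypothetical and belong to this example only.

```shell
#!/bin/sh
# Added diagnostic sketch (not BroControl code). Users, hosts and paths are
# arguments; the usage lines at the end use the values quoted in the thread.
# SSH_BIN is an assumption of this example: it lets the ssh client be
# replaced by a stub for offline testing.
SSH_BIN="${SSH_BIN:-ssh}"

# run_remote USER HOST COMMAND: non-interactive, key-only login.
# BatchMode=yes makes ssh fail instead of prompting for a password.
run_remote() {
    "$SSH_BIN" -o BatchMode=yes -o ConnectTimeout=5 "$1@$2" "$3"
}

# check_worker USER HOST SPOOLDIR
# Prints one line per check and returns:
#   0 = login and directory creation both work
#   1 = key-based login as USER failed
#   2 = login works, but USER cannot create a directory under SPOOLDIR
check_worker() {
    user=$1 host=$2 spool=$3
    # Key lookup depends on the local account, so show it explicitly.
    echo "local account running this check: $(id -un)"
    if ! run_remote "$user" "$host" true; then
        echo "FAIL: no key-based login as $user@$host"
        return 1
    fi
    echo "ok: key-based login as $user@$host"
    # Create and remove a probe directory; nothing else is changed.
    probe="$spool/.write-probe.$$"
    if ! run_remote "$user" "$host" "mkdir '$probe' && rmdir '$probe'"; then
        echo "FAIL: $user cannot create directories under $spool on $host"
        return 2
    fi
    echo "ok: $user can create directories under $spool on $host"
}

# Usage with the thread's values. Run it the same way broctl is run
# (for example under sudo if broctl is started with sudo):
#   check_worker jesse 192.168.43.130 /usr/local/bro/spool
#   check_worker bro   192.168.43.130 /usr/local/bro/spool
```

Running it once per candidate remote user shows which account, if any, has both a working key and write access to the spool directory.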