[Bro] Possible Bro Cluster communication issue?
Gary Faulkner
gary at doit.wisc.edu
Thu Nov 14 20:26:28 PST 2013
Hello,
Another Bro newbie here. Having an odd issue getting my bro 2.2
(release) cluster working properly. I have 2 physical hosts. The first
host is running the manager, proxy, and some workers, and the second
host is running several workers. After running broctl install and broctl
start the workers spin up on both hosts, however, the workers on host 2
don't seem to be reliably reporting back to the master or connecting to
the proxy.
I confirmed that the processes were running on both hosts and that ssh
sessions were established between the two hosts, but a broctl status
only showed peers for workers on the same host as the manager, fewer
peers than expected for the proxy (about as many as were on host1), and
broctl netstat didn't return any results for the workers on the second
host.
At some point the proxy crashed on my first run, and upon restarting
everything I had the same results minus the proxy crash. Interestingly
enough broctl capstats did return results for both hosts showing a
relatively even workload of about 3Gbps each. Also, I didn't find any
logs other than stderr and stdout on the second host in /bro/log or
/bro/spool. Any thoughts?
Regards,
--
Gary Faulkner
UW Madison
Office of Campus Information Security
608-262-8591
More information about the Bro
mailing list