[Bro] Possible Bro Cluster communication issue?

Daniel Thayer dnthayer at illinois.edu
Fri Nov 15 06:24:14 PST 2013


Which Linux distro (and which version) are you using?  And were
you using the default FW settings?  Also, were you able to
determine why the proxy was crashing?  If so, how did
you resolve the problem?


On 11/15/2013 02:05 AM, Gary Faulkner wrote:
> Actually, it was the firewall, but I also had a secondary problem in
> that the proxy was constantly crashing due a lack of system resources so
> it didn't initially appear that disabling the firewall relieved the
> communication problem. I didn't recall seeing any FW considerations
> beyond ssh in the documentation, but I did eventually find an external
> document at https://gist.github.com/grigorescu/3776670 and a quick
> netstat allowed me to confirm the ports on my hosts. Thanks for the help!
>
>
>
> On 11/14/2013 11:20 PM, Gary Faulkner wrote:
>> Both hosts are running host based FWs, but disabling them doesn't appear
>> to make a difference in the behavior. I can ssh between hosts just fine
>> as the bro user with key-based auth and broctl seems to open an ssh
>> session per worker between the two hosts that appear stay established
>> throughout just fine. Does all the communication happen over those ssh
>> sessions or are there other types of connections happening between
>> master/proxy and worker?
>>




More information about the Bro mailing list