[Bro] Cluster setup

hiren panchasara hiren.panchasara at gmail.com
Tue Oct 29 10:09:07 PDT 2013


On Mon, Oct 28, 2013 at 11:50 PM, Daniel Thayer <dnthayer at illinois.edu> wrote:
> Did you verify that you can ssh from host-A to host-B without
> having to type a password?
Just set that up.
>
> Next, on host-B, verify that the partition where /usr/local/spool
> is located is not mounted read-only and that there is some free
> disk space (broctl is trying to create a directory
> in /usr/local/spool on host-B).
Checked this too.

Still,

[BroControl] > install
removing old policies in
/usr/local/spool/installed-scripts-do-not-touch/site ... done.
removing old policies in
/usr/local/spool/installed-scripts-do-not-touch/auto ... done.
creating policy directories ... done.
installing site policies ... done.
generating cluster-layout.bro ... done.
generating local-networks.bro ... done.
generating broctl-config.bro ... done.
updating nodes ... warning: host 10.73.149.31 is not alive
done.
[BroControl] >

What  does that mean? I still cannot get worker-1 to work properly.

in "top" (inside broctl) also, worker-1 is shown <not running>

Do I need to setup anything on worker-1?

Cheers,
Hiren


>
>
>
>
> On 10/29/2013 01:28 AM, hiren panchasara wrote:
>>
>>
>> Hi All,
>>
>> Here is what I am trying to achieve: Incoming traffic on Host-A should
>> be sent to worker Host-B (and to more workers in future).
>>
>> Here is how my config looks like in node.cfg
>>
>> Manager: Host-A
>> Proxy:     Host-A
>> Worker1: Host-B (which is 10.73.149.31)
>>
>> I have bro installed on all machines. Now, I start broctl on Host-A:
>>
>> -bash-4.2$ sudo broctl
>> Password:
>>
>> Welcome to BroControl 1.1
>>
>> Type "help" for help.
>>
>> [BroControl] > install
>> removing old policies in
>> /usr/local/spool/installed-scripts-do-not-touch/site ... done.
>> removing old policies in
>> /usr/local/spool/installed-scripts-do-not-touch/auto ... done.
>> creating policy directories ... done.
>> installing site policies ... done.
>> generating cluster-layout.bro ... done.
>> generating local-networks.bro ... done.
>> generating broctl-config.bro ... done.
>> updating nodes ... warning: host 10.73.149.31 is not alive
>> done.
>> [BroControl] > install
>> removing old policies in
>> /usr/local/spool/installed-scripts-do-not-touch/site ... done.
>> removing old policies in
>> /usr/local/spool/installed-scripts-do-not-touch/auto ... done.
>> creating policy directories ... done.
>> installing site policies ... done.
>> generating cluster-layout.bro ... done.
>> generating local-networks.bro ... done.
>> generating broctl-config.bro ... done.
>> updating nodes ... done.
>> [BroControl] > start
>> starting manager ...
>> starting proxy-1 ...
>> starting worker-1 ...
>> cannot create working directory for worker-1   <<-- not sure why I get
>> this message.
>> [BroControl] >
>>
>> Do I need to do anything on Worker-1?? Do I need to put it in some
>> special mode?
>>
>> Any help/pointers would be appreciated.
>>
>> Cheers,
>> Hiren
>>
>>
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>



More information about the Bro mailing list