[Bro] bro won't start -- I've broken something...

Russell Fulton r.fulton at auckland.ac.nz
Sun Sep 22 15:15:44 PDT 2013


HI folks

I ran out of disk last week and after cleaning up I find that bro won't start.  At first "broctl start" would hang after the 'starting manager…'  you had to kill the processes.

I then reinstalled bro (keeping my config) and now I get:

sensors at secmontst01:~$ sudo broctl start
starting manager ...
manager terminated immediately after starting; check output with "diag"

so I did that:

sensors at secmontst01:~$ sudo broctl diag
[manager]
No gdb installed.

==== No reporter.log

==== stderr.log
error in /opt/bro/share/bro/base/frameworks/cluster/__load__.bro, line 16: can't open cluster-layout

==== stdout.log
unlimited
unlimited
unlimited

==== .cmdline
-U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto

==== .env_vars
PATH=/opt/bro/bin:/opt/bro/share/broctl/scripts:/sbin:/bin:/usr/sbin:/usr/bin
BROPATH=/var/opt/bro/spool/installed-scripts-do-not-touch/site::/var/opt/bro/spool/installed-scripts-do-not-touch/auto:/opt/bro/share/bro:/opt/bro/share/bro/policy:/opt/bro/share/bro/site
CLUSTER_NODE=manager

broctl.cfg:

## Global BroControl configuration file.                                                                                                                                                               

# Recipient address for all emails send out by Bro and BroControl.                                                                                                                                     
MailTo = r.fulton at auckland.ac.nz

# Site-specific policy script to load. Bro will look for this in                                                                                                                                       
# $PREFIX/share/bro/site. A default local.bro comes preinstalled                                                                                                                                       
# and can be customized as desired.                                                                                                                                                                     
SitePolicyStandalone = local.bro

# Location of other configuration files that can be used to customize                                                                                                                                   
# BroControl operation (e.g. local networks, nodes).                                                                                                                                                   
CfgDir = /opt/bro/etc

# Location of the spool directory where files and data that are currently being                                                                                                                         
# written are stored.                                                                                                                                                                                   
SpoolDir = /home/sensors/data/test1/bro-spool

# Location of the log directory.  This is longer term storage for rotated logs.                                                                                                                         
LogDir = /home/sensors/data/test1/bro-logs

# Rotation interval in seconds for log files on manager/standalone node.                                                                                                                               
LogRotationInterval = 3600

# Expiration interval for log files in LogDir. Files older than this many days                                                                                                                         
# will be deleted upon running "broctl cron".                                                                                                                                                           
# LogExpireInterval = 30                                                                                                                                                                               

# Lower threshold for space available on the disk that holds SpoolDir. If less                                                                                                                         
# space is available, BroControl starts sending out warning emails.                                                                                                                                     
MinDiskSpace = 5

# Logs debug information into spool/debug.log.                                                                                                                                                         
Debug = 1

network.cfg:

 List of local networks in CIDR notation, optionally followed by a                                                                                                                                    
# descriptive tag.                                                                                                                                                                                     
# For example, "10.0.0.0/8" or "fe80::/64" are valid prefixes.                                                                                                                                         


172.24.0.0/16   UoA staff wireless

172.23.0.0/16   UoA student wireless

130.216.0.0/16  UoA wired

10.2.0.0/16     UoA resnet

node.cfg:


[manager]
type=manager
host=130.216.5.218
#                                                                                                                                                                                                       
[proxy-1]
type=proxy
host=130.216.5.218
#                                                                                                                                                                                                       

[worker-1]
type=worker
lb_method=pf_ring
host=130.216.5.218
interface=eth2

[worker-2]
type=worker
lb_method=pf_ring
host=130.216.5.218
interface=eth2

[worker-3]
type=worker
lb_method=pf_ring
host=130.216.5.218
interface=eth2

[worker-4]
type=worker
lb_method=pf_ring
host=130.216.5.218
interface=eth2








More information about the Bro mailing list