[Bro] bro won't start -- I've broken something...

Russell Fulton r.fulton at auckland.ac.nz
Sun Sep 22 15:41:00 PDT 2013 

THanks Justin!

Doh! It had to be something simple!  

Time I retired ;)

Russell

On 23/09/2013, at 10:31 AM, "Azoff, Justin" <jazoff at albany.edu>
 wrote:

> Could be simple... Have you ran broctl install?
> 
> I would do a
> 
> broctl stop
> broctl cleanup --all
> broctl install
> broctl check
> broctl start
> 
> For good measure
> 
> Russell Fulton <r.fulton at auckland.ac.nz> wrote:
> 
> 
> HI folks
> 
> I ran out of disk last week and after cleaning up I find that bro won't start.  At first "broctl start" would hang after the 'starting manager…'  you had to kill the processes.
> 
> I then reinstalled bro (keeping my config) and now I get:
> 
> sensors at secmontst01:~$ sudo broctl start
> starting manager ...
> manager terminated immediately after starting; check output with "diag"
> 
> so I did that:
> 
> sensors at secmontst01:~$ sudo broctl diag
> [manager]
> No gdb installed.
> 
> ==== No reporter.log
> 
> ==== stderr.log
> error in /opt/bro/share/bro/base/frameworks/cluster/__load__.bro, line 16: can't open cluster-layout
> 
> ==== stdout.log
> unlimited
> unlimited
> unlimited
> 
> ==== .cmdline
> -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto
> 
> ==== .env_vars
> PATH=/opt/bro/bin:/opt/bro/share/broctl/scripts:/sbin:/bin:/usr/sbin:/usr/bin
> BROPATH=/var/opt/bro/spool/installed-scripts-do-not-touch/site::/var/opt/bro/spool/installed-scripts-do-not-touch/auto:/opt/bro/share/bro:/opt/bro/share/bro/policy:/opt/bro/share/bro/site
> CLUSTER_NODE=manager
> 
> broctl.cfg:
> 
> ## Global BroControl configuration file.
> 
> # Recipient address for all emails send out by Bro and BroControl.
> MailTo = r.fulton at auckland.ac.nz
> 
> # Site-specific policy script to load. Bro will look for this in
> # $PREFIX/share/bro/site. A default local.bro comes preinstalled
> # and can be customized as desired.
> SitePolicyStandalone = local.bro
> 
> # Location of other configuration files that can be used to customize
> # BroControl operation (e.g. local networks, nodes).
> CfgDir = /opt/bro/etc
> 
> # Location of the spool directory where files and data that are currently being
> # written are stored.
> SpoolDir = /home/sensors/data/test1/bro-spool
> 
> # Location of the log directory.  This is longer term storage for rotated logs.
> LogDir = /home/sensors/data/test1/bro-logs
> 
> # Rotation interval in seconds for log files on manager/standalone node.
> LogRotationInterval = 3600
> 
> # Expiration interval for log files in LogDir. Files older than this many days
> # will be deleted upon running "broctl cron".
> # LogExpireInterval = 30
> 
> # Lower threshold for space available on the disk that holds SpoolDir. If less
> # space is available, BroControl starts sending out warning emails.
> MinDiskSpace = 5
> 
> # Logs debug information into spool/debug.log.
> Debug = 1
> 
> network.cfg:
> 
> List of local networks in CIDR notation, optionally followed by a
> # descriptive tag.
> # For example, "10.0.0.0/8" or "fe80::/64" are valid prefixes.
> 
> 
> 172.24.0.0/16   UoA staff wireless
> 
> 172.23.0.0/16   UoA student wireless
> 
> 130.216.0.0/16  UoA wired
> 
> 10.2.0.0/16     UoA resnet
> 
> node.cfg:
> 
> 
> [manager]
> type=manager
> host=130.216.5.218
> #
> [proxy-1]
> type=proxy
> host=130.216.5.218
> #
> 
> [worker-1]
> type=worker
> lb_method=pf_ring
> host=130.216.5.218
> interface=eth2
> 
> [worker-2]
> type=worker
> lb_method=pf_ring
> host=130.216.5.218
> interface=eth2
> 
> [worker-3]
> type=worker
> lb_method=pf_ring
> host=130.216.5.218
> interface=eth2
> 
> [worker-4]
> type=worker
> lb_method=pf_ring
> host=130.216.5.218
> interface=eth2
> 
> 
> 
> 
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> 
>

More information about the Bro mailing list