[Bro] proxy crashing on Bro cluster

Matt Stucky mattchess50 at gmail.com
Wed Jun 4 09:49:10 PDT 2014


This cluster has two hosts, one proxy, 12 workers, and sees 900+ mbps of
traffic.

Would it make more sense to have a proxy on each host?



On Wed, Jun 4, 2014 at 11:19 AM, Vlad Grigorescu <vladg at cmu.edu> wrote:

> I've seen this behavior when the proxy is overloaded. Could you share a
> bit about your cluster? How many proxies, how many workers, estimate of
> traffic that's being inspected, hardware being used, etc?
>
>   --Vlad
>
>
> On Jun 4, 2014, at 12:13 PM, Matt Stucky <mattchess50 at gmail.com> wrote:
>
> > I've noticed on our bro cluster that the proxy keeps crashing and
> > restarting.  The cluster seems to be working, logs are being written, etc.
> > Has anyone seen this behavior?  What am I missing here?
> >
> >
> > From the crash report:
> > internal error: unknown msg type 115 in Poll()
> >
> > /opt/bro/share/broctl/scripts/run-bro: line 85: 18479 Aborted       (core dumped) nohup $mybro "$@"
> >
> >
> >
> > It attempts to restart it, but the status always shows with ??? in the
> > Peers column:
> >
> > proxy-1      proxy   1.2.3.4   running   12386  ???    04 Jun 07:30:05
> >
> >
> >
> > Thanks,
> > matt
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>