[Bro] Bro hanging on some sensors
Kellogg, Brian D (OLN)
bkellogg at dresser-rand.com
Sat Jun 21 07:00:47 PDT 2014
The other consistent thing I see is that with the Intel framework disabled I'll have to stop and start Bro usually two times before I start seeing all of the logs generated but usually only once. When I have the Intel framework enable I can stop and start Bro a number of times with only those five log files being generated each time. And again, on some of the sensors Bro will work with the Intel framework enabled and they all are using the same Intel files replicated via the "policy" directory Security Onion replication.
________________________________________
From: Doug Burks [doug.burks at gmail.com]
Sent: Wednesday, June 18, 2014 6:55 AM
To: Kellogg, Brian D (OLN)
Cc: Mike Reeves; bro
Subject: Re: [Bro] Bro hanging on some sensors
On Tue, Jun 17, 2014 at 10:30 AM, Kellogg, Brian D (OLN)
<bkellogg at dresser-rand.com> wrote:
> The one consistent thing I see is that when I stop, install, and then start
> Bro, Bro starts ok and all the appropriate logs are created. If I stop and
> restart Bro again then the only logs I see in the "current" directory are:
> communication, loaded_scripts, reporter, stderr, and stdout.
Yep, I've seen this issue before. I'm not sure if it's an issue with
the Security-Onion-specific scripts that we load into Bro, or if it
could be an issue with Bro itself.
Has anybody else seen this issue on a vanilla Bro installation (not
using Security Onion)?
--
Doug Burks
More information about the Bro
mailing list