[Bro] Stats.log Growing Out of Control!!!

Damon Rouse damonrouse at gmail.com
Mon Jan 19 17:26:39 PST 2015


Here's the output after patching the cron.py file

stats-to-csv failed

['manager ...', 'Traceback (most recent call last):', '  File
"/opt/bro/share/broctl/scripts/stats-to-csv", line 134, in <module>', '
processNode(stats, wwwdir, "manager", False)', '  File
"/opt/bro/share/broctl/scripts/stats-to-csv", line 87, in processNode',
'    if m[1] != node:', 'IndexError: list index out of range']

-- 

[Automatically generated.]

On Mon, Jan 19, 2015 at 3:39 PM, Daniel Thayer <dnthayer at illinois.edu>
wrote:

> I'd like to know why the stats-to-csv script is failing.
> Could you apply the attached patch, and then send me
> the contents of the "stats-to-csv failed" email?
>
> To apply the patch you'll need to change directory to (where <prefix>
> is the Bro install prefix directory):
> <prefix>/lib/broctl/BroControl
> In that directory you should see a file named "cron.py".
>
>
>
> On 01/19/2015 02:16 PM, Damon Rouse wrote:
>
>> @Dan:  Both those files are there.
>>
>> What my main issue seems to be is that my stats.log file is growing by
>> 20-30MB every 5 minutes when the cron runs.  I then get the email below
>> in my original post.
>>
>> I'm circling back here to hopefully find a resolution.  I opened a
>> thread in the Security Onion and tried limiting these events in my
>> broctl.cfg. Doesn't seem to work.  I've stopped Bro, deleted the stats
>> dir, did broctl install and then start, no go there either.
>>
>> Here's my SO thread for ref:
>> https://groups.google.com/forum/#!topic/security-onion/bdmFGn3oj24
>>
>> If anyone has any ideas or thoughts, please let me know.  Any help is
>> truly appreciated!
>>
>> Thanks
>> Damon
>>
>> On Fri, Jan 2, 2015 at 2:16 PM, Thayer, Daniel N <dnthayer at illinois.edu> wrote:
>>
>>     The stats-to-csv script creates files with a ".csv" file extension in
>>     the directory <prefix>/logs/stats/www/  (where <prefix> is the bro
>>     install directory).  In order for this script to work, it needs to
>>     read two files:  <prefix>/spool/stats.log and
>>     <prefix>/logs/stats/meta.dat
>>
>>     From: bro-bounces at bro.org [bro-bounces at bro.org] on behalf of
>>     Damon Rouse [damonrouse at gmail.com]
>>     Sent: Friday, January 02, 2015 11:58 AM
>>     To: bro at bro-ids.org
>>     Subject: [Bro] (no subject)
>>
>>     Happy New Year Everyone!!!
>>
>>     Has anyone ever seen the following error before?  Email alerts that
>>     come in look like this:
>>
>>     Subject: [Bro] cron: stats-to-csv failed
>>     Body:
>>     stats-to-csv failed
>>     --
>>     [Automatically generated.]
>>
>>     I started receiving these yesterday.  They come in every 5 minutes
>>     and I've never received them before yesterday.
>>
>>     Bro is running fine, my system is completely updated and everything
>>     looks good when I run a sostat (running BRO under Security Onion).
>>
>>     Any insight is appreciated as I have no idea if they are something I
>>     should look into or not.
>>
>>     Thanks
>>     Damon