[Bro] Nodes are running but no logs associated to network traffic going to <prefix>/logs/current/
Charlie Holiday
charlie.holiday at gmail.com
Thu Jun 18 13:39:42 PDT 2015
Just completed installing BRO on a new Dell PowerEdge R420 with an Intel
X520 DP 10Gb DA/SFP+ Server Adapter.
I set up BRO as a cluster on this system in order to use pf_ring to spread
the load across multiple cores. This setup has worked great for other
systems in my environment with the only difference being this new system is
using 10Gb SFP+ adapters.
Any ideas on what might be causing this issue would be greatly appreciated.
Below is some information on what I am seeing:
bro-2.3.1
PF_RING-6.0.2
*node.cfg:*
[manager]
type=manager
host=localhost
#
[proxy-1]
type=proxy
host=localhost
#
[worker-1]
type=worker
host=localhost
interface=bond0
lb_method=pf_ring
lb_procs=4
*<prefix>/logs/current/$*
communication.log notice.log stderr.log stdout.log weird.log
[BroControl] > status
Name        Type     Host       Status   Pid    Peers  Started
manager     manager  localhost  running  21170  5      18 Jun 14:27:16
proxy-1     proxy    localhost  running  21195  5      18 Jun 14:27:18
worker-1-1  worker   localhost  running  21257  2      18 Jun 14:27:20
worker-1-2  worker   localhost  running  21254  2      18 Jun 14:27:20
worker-1-3  worker   localhost  running  21256  2      18 Jun 14:27:20
worker-1-4  worker   localhost  running  21255  2      18 Jun 14:27:20
[BroControl] > netstats
worker-1-1: 1434659737.208884 recvd=147334297 dropped=2080 link=147336423
worker-1-2: 1434659737.408838 recvd=147338710 dropped=405 link=147339135
worker-1-3: 1434659737.608633 recvd=147342307 dropped=792 link=147343135
worker-1-4: 1434659737.808998 recvd=147347149 dropped=318 link=147347519
Best Regards,
Charlie
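
A check one could run on the netstats output in the message above, as an added example that is not part of the original post and not BroControl's own code. It parses each worker line, computes the drop percentage, and flags the case where all pf_ring workers report nearly the same recvd count. The 1% tolerance and the reading that near-identical counts mean the traffic is not being split between workers are assumptions of this example.

```python
import re

# Sample input: the four netstats lines copied from the post above.
SAMPLE = """\
worker-1-1: 1434659737.208884 recvd=147334297 dropped=2080 link=147336423
worker-1-2: 1434659737.408838 recvd=147338710 dropped=405 link=147339135
worker-1-3: 1434659737.608633 recvd=147342307 dropped=792 link=147343135
worker-1-4: 1434659737.808998 recvd=147347149 dropped=318 link=147347519
"""

# One netstats line: "<node>: <epoch> recvd=N dropped=N [link=N]"
LINE = re.compile(
    r"^(?P<node>\S+):\s+(?P<ts>\d+\.\d+)\s+recvd=(?P<recvd>\d+)"
    r"\s+dropped=(?P<dropped>\d+)(?:\s+link=(?P<link>\d+))?\s*$"
)

def parse_netstats(text):
    """Return one dict per worker line; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        rows.append({
            "node": m["node"], "ts": float(m["ts"]),
            "recvd": int(m["recvd"]), "dropped": int(m["dropped"]),
            "link": int(m["link"]) if m["link"] else None,
        })
    return rows

def drop_pct(row):
    """Dropped packets as a percentage of link (or recvd+dropped if no link)."""
    total = row["link"] if row["link"] else row["recvd"] + row["dropped"]
    return 100.0 * row["dropped"] / total if total else 0.0

def recvd_spread(rows):
    """Relative gap between the largest and smallest recvd counter."""
    vals = [r["recvd"] for r in rows]
    return (max(vals) - min(vals)) / max(vals) if vals and max(vals) else 0.0

def workers_see_same_traffic(rows, tolerance=0.01):
    # Assumption: with flow-based load balancing each worker counts only its
    # own share, so counters within `tolerance` of each other are suspicious.
    return len(rows) > 1 and recvd_spread(rows) < tolerance

if __name__ == "__main__":
    rows = parse_netstats(SAMPLE)
    for r in rows:
        print(f'{r["node"]}: drop {drop_pct(r):.4f}%')
    print("same traffic on all workers:", workers_see_same_traffic(rows))
```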