[Bro] Broctl Worker Issues

Daniel Thayer dnthayer at illinois.edu
Tue Sep 15 08:41:44 PDT 2015


1) Make sure all Bro processes are stopped:
    a) broctl stop
    b) broctl ps.bro
    If you see any Bro processes, then kill them before proceeding to
    the next step.  If you see any error or warning messages, then
    these need to be addressed before proceeding.

2) Since you're not running broctl as the "root" user, you need to make
    sure bro workers have permission to capture packets:
 
https://www.bro.org/documentation/faq.html#how-can-i-capture-packets-as-an-unprivileged-user

3) Start Bro
    a) broctl deploy
    b) There should not be any errors or warnings.


On 09/15/2015 08:41 AM, Davison, Charles Robert wrote:
> When I try and start broctl on all my workers I receive the following:
>
>
> ubuntu@ip-172-31-41-32:~$ /usr/local/bro/bin/broctl start
>
> starting manager ...
>
> starting proxy-1 ...
>
> starting worker-1 ...
>
> starting worker-2 ...
>
> worker-1 terminated immediately after starting; check output with "diag"
>
> worker-2 terminated immediately after starting; check output with "diag"
>
>
>
> This was my output from the diag:
>
>
> Bro 2.4.1
>
> Linux 3.13.0-48-generic
>
>
> No gdb installed.
>
>
> ==== reporter.log
>
> #separator \x09
>
> #set_separator  ,
>
> #empty_field    (empty)
>
> #unset_field    -
>
> #path   reporter
>
> #open   2015-09-15-13-38-43
>
> #fields ts      level   message location
>
> #types  time    enum    string  string
>
> 0.000000        Reporter::WARNING       SumStat key request for the
> J1pRzdrrLK8 SumStat uid took longer than 1 minute and was automatically
> cancelled.
>   /usr/local/bro/share/bro/base/frameworks/sumstats/./cluster.bro, line 218
>
>
> ==== stderr.log
>
>
> ==== stdout.log
>
> max memory size         (kbytes, -m) unlimited
>
> data seg size           (kbytes, -d) unlimited
>
> virtual memory          (kbytes, -v) unlimited
>
> core file size          (blocks, -c) unlimited
>
>
> ==== .cmdline
>
> -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl
> base/frameworks/cluster local-manager.bro broctl/auto
>
>
> ==== .env_vars
>
> PATH=/usr/local/bro/bin:/usr/local/bro/share/broctl/scripts:/usr/local/bro/bin:/usr/local/bro/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
>
> BROPATH=/usr/local/bro/spool/installed-scripts-do-not-touch/site::/usr/local/bro/spool/installed-scripts-do-not-touch/auto:/usr/local/bro/share/bro:/usr/local/bro/share/bro/policy:/usr/local/bro/share/bro/site
>
> CLUSTER_NODE=manager
>
>
> ==== .status
>
> RUNNING [net_run]
>
>
> ==== No prof.log
>
>
> ==== No packet_filter.log
>
>
> ==== loaded_scripts.log
>
> [proxy-1]
>
>
> Bro 2.4.1
>
> Linux 3.13.0-48-generic
>
>
> No gdb installed.
>
>
> ==== No reporter.log
>
>
> ==== stderr.log
>
>
> ==== stdout.log
>
> max memory size         (kbytes, -m) unlimited
>
> data seg size           (kbytes, -d) unlimited
>
> virtual memory          (kbytes, -v) unlimited
>
> core file size          (blocks, -c) unlimited
>
>
> ==== .cmdline
>
> -U .status -p broctl -p broctl-live -p local -p proxy-1 local.bro broctl
> base/frameworks/cluster local-proxy broctl/auto
>
>
> ==== .env_vars
>
> PATH=/usr/local/bro/bin:/usr/local/bro/share/broctl/scripts:/usr/local/bro/bin:/usr/local/bro/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
>
> BROPATH=/usr/local/bro/spool/installed-scripts-do-not-touch/site::/usr/local/bro/spool/installed-scripts-do-not-touch/auto:/usr/local/bro/share/bro:/usr/local/bro/share/bro/policy:/usr/local/bro/share/bro/site
>
> CLUSTER_NODE=proxy-1
>
>
> ==== .status
>
> RUNNING [net_run]
>
>
> ==== No prof.log
>
>
> ==== No packet_filter.log
>
>
> ==== No loaded_scripts.log
>
> [worker-1]
>
> error running crash-diag for worker-1
>
> Host 172.31.41.33 is not alive
>
> [worker-2]
>
> error running crash-diag for worker-2
>
> Host 172.31.41.31 is not alive
>
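Added example, not part of the original thread or of broctl: two shell helpers for the checks in the reply above, one that lists the nodes whose `broctl diag` section reports "Host ... is not alive", and one that tests a `getcap` output line for the packet-capture capabilities an unprivileged Bro worker needs. The function names are hypothetical, the sample diag text is constructed from the format quoted above, and the capability check assumes the Linux file-capability approach (cap_net_raw and cap_net_admin set on the bro binary).

```sh
#!/bin/sh
# Added example: triage helpers for a non-root broctl cluster.
# Function names are hypothetical; nothing here is shipped with Bro.

# Constructed sample, modelled on the `broctl diag` output quoted in the thread.
SAMPLE_DIAG='[proxy-1]
Bro 2.4.1
==== .status
RUNNING [net_run]
[worker-1]
error running crash-diag for worker-1
Host 172.31.41.33 is not alive
[worker-2]
error running crash-diag for worker-2
Host 172.31.41.31 is not alive'

# Read `broctl diag` output on stdin and print "<node> <host>" for every
# node section that reports its host as not alive. A leading "> " mail
# quote prefix is stripped so quoted output can be pasted in directly.
unreachable_nodes() {
    awk '
        { sub(/^> ?/, "") }
        /^\[.*\]$/ { node = substr($0, 2, length($0) - 2); next }
        /^Host .+ is not alive$/ { print node, $2 }
    '
}

# Return 0 if a single line of `getcap` output grants both cap_net_raw and
# cap_net_admin with the effective (e) and permitted (p) flags set.
# Assumes both capabilities sit in one clause, e.g.
#   /usr/local/bro/bin/bro = cap_net_admin,cap_net_raw+eip
has_capture_caps() {
    case "$1" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$1" in *cap_net_admin*) ;; *) return 1 ;; esac
    # The flag letters follow the last "+" or "=" on the line.
    flags=${1##*[+=]}
    case "$flags" in *e*) ;; *) return 1 ;; esac
    case "$flags" in *p*) ;; *) return 1 ;; esac
    return 0
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_DIAG" | unreachable_nodes
```

On a live manager the same functions can be fed `broctl diag | unreachable_nodes` and `has_capture_caps "$(getcap /usr/local/bro/bin/bro)"`; a node listed as unreachable has to be fixed at the host or SSH level before the capture-permission check on that worker means anything.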

