[Bro] Broctl Worker Issues

Daniel Thayer dnthayer at illinois.edu
Tue Sep 15 12:10:29 PDT 2015


I'm guessing you probably ran the setcap on the manager.  Actually,
it really only needs to be run on the workers.  However, doing
a "broctl install" or "broctl deploy" will overwrite the bro
executable on the worker machines, and then you'd need to do
the "setcap" again before starting bro.

In any case, the output of "broctl diag" is often useful to see why a
bro node crashed.


On 09/15/2015 12:24 PM, Davison, Charles Robert wrote:
> 1. Complete
> 2. Complete: sudo setcap cap_net_raw,cap_net_admin=eip /usr/local/bro/bin/bro
> 3. Error:
>
> [BroControl] > ps.bro
>          USER       PID  PPID %CPU %MEM    VSZ   RSS TT       S  STARTED     TIME COMMAND
> >>> 172.31.41.32
> >>> 172.31.41.33
> >>> 172.31.41.31
> [BroControl] > deploy
> checking configurations ...
> installing ...
> removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/site ...
> removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/auto ...
> creating policy directories ...
> installing site policies ...
> generating cluster-layout.bro ...
> generating local-networks.bro ...
> generating broctl-config.bro ...
> generating broctl-config.sh ...
> updating nodes ...
> stopping ...
> worker-1 not running (was crashed)
> worker-2 not running (was crashed)
> proxy-1 not running (was crashed)
> manager not running (was crashed)
> starting ...
> starting manager ...
> starting proxy-1 ...
> starting worker-1 ...
> starting worker-2 ...
> worker-1 terminated immediately after starting; check output with "diag"
> worker-2 terminated immediately after starting; check output with "diag"
> [BroControl] >
>
>
>
> ________________________________________
> From: Daniel Thayer <dnthayer at illinois.edu>
> Sent: Tuesday, September 15, 2015 9:41 AM
> To: Davison, Charles Robert; bro at bro.org
> Subject: Re: [Bro] Broctl Worker Issues
>
> 1) Make sure all Bro processes are stopped:
>      a) broctl stop
>      b) broctl ps.bro
>      If you see any Bro processes, then kill them before proceeding to
>      next step.  If you see any error or warning messages, then
>      these need to be addressed before proceeding.
>
> 2) Since you're not running broctl as the "root" user, you need to make
>      sure bro workers have permission to capture packets:
>
> https://www.bro.org/documentation/faq.html#how-can-i-capture-packets-as-an-unprivileged-user
>
> 3) Start Bro
>      a) broctl deploy
>      b) There should not be any errors or warnings.
>
>
> On 09/15/2015 08:41 AM, Davison, Charles Robert wrote:
>> When I try and start broctl on all my workers I receive the following:
>>
>>
>> ubuntu at ip-172-31-41-32:~$ /usr/local/bro/bin/broctl start
>>
>> starting manager ...
>>
>> starting proxy-1 ...
>>
>> starting worker-1 ...
>>
>> starting worker-2 ...
>>
>> worker-1 terminated immediately after starting; check output with "diag"
>>
>> worker-2 terminated immediately after starting; check output with "diag"
>>
>>
>>
>> This was my output from the diag:
>>
>>
>> Bro 2.4.1
>>
>> Linux 3.13.0-48-generic
>>
>>
>> No gdb installed.
>>
>>
>> ==== reporter.log
>>
>> #separator \x09
>>
>> #set_separator  ,
>>
>> #empty_field    (empty)
>>
>> #unset_field    -
>>
>> #path   reporter
>>
>> #open   2015-09-15-13-38-43
>>
>> #fields ts      level   message location
>>
>> #types  time    enum    string  string
>>
>> 0.000000        Reporter::WARNING       SumStat key request for the
>> J1pRzdrrLK8 SumStat uid took longer than 1 minute and was automatically
>> cancelled.
>>    /usr/local/bro/share/bro/base/frameworks/sumstats/./cluster.bro, line 218
>>
>>
>> ==== stderr.log
>>
>>
>> ==== stdout.log
>>
>> max memory size         (kbytes, -m) unlimited
>>
>> data seg size           (kbytes, -d) unlimited
>>
>> virtual memory          (kbytes, -v) unlimited
>>
>> core file size          (blocks, -c) unlimited
>>
>>
>> ==== .cmdline
>>
>> -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl
>> base/frameworks/cluster local-manager.bro broctl/auto
>>
>>
>> ==== .env_vars
>>
>> PATH=/usr/local/bro/bin:/usr/local/bro/share/broctl/scripts:/usr/local/bro/bin:/usr/local/bro/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
>>
>> BROPATH=/usr/local/bro/spool/installed-scripts-do-not-touch/site::/usr/local/bro/spool/installed-scripts-do-not-touch/auto:/usr/local/bro/share/bro:/usr/local/bro/share/bro/policy:/usr/local/bro/share/bro/site
>>
>> CLUSTER_NODE=manager
>>
>>
>> ==== .status
>>
>> RUNNING [net_run]
>>
>>
>> ==== No prof.log
>>
>>
>> ==== No packet_filter.log
>>
>>
>> ==== loaded_scripts.log
>>
>> [proxy-1]
>>
>>
>> Bro 2.4.1
>>
>> Linux 3.13.0-48-generic
>>
>>
>> No gdb installed.
>>
>>
>> ==== No reporter.log
>>
>>
>> ==== stderr.log
>>
>>
>> ==== stdout.log
>>
>> max memory size         (kbytes, -m) unlimited
>>
>> data seg size           (kbytes, -d) unlimited
>>
>> virtual memory          (kbytes, -v) unlimited
>>
>> core file size          (blocks, -c) unlimited
>>
>>
>> ==== .cmdline
>>
>> -U .status -p broctl -p broctl-live -p local -p proxy-1 local.bro broctl
>> base/frameworks/cluster local-proxy broctl/auto
>>
>>
>> ==== .env_vars
>>
>> PATH=/usr/local/bro/bin:/usr/local/bro/share/broctl/scripts:/usr/local/bro/bin:/usr/local/bro/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
>>
>> BROPATH=/usr/local/bro/spool/installed-scripts-do-not-touch/site::/usr/local/bro/spool/installed-scripts-do-not-touch/auto:/usr/local/bro/share/bro:/usr/local/bro/share/bro/policy:/usr/local/bro/share/bro/site
>>
>> CLUSTER_NODE=proxy-1
>>
>>
>> ==== .status
>>
>> RUNNING [net_run]
>>
>>
>> ==== No prof.log
>>
>>
>> ==== No packet_filter.log
>>
>>
>> ==== No loaded_scripts.log
>>
>> [worker-1]
>>
>> error running crash-diag for worker-1
>>
>> Host 172.31.41.33 is not alive
>>
>> [worker-2]
>>
>> error running crash-diag for worker-2
>>
>> Host 172.31.41.31 is not alive
>>
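
The reply at the top of this thread notes that "broctl install" or "broctl deploy" overwrites the bro executable on the workers, so the "setcap" has to be repeated before starting bro. The script below is an added example, not part of the original thread or of BroControl: it checks whether the binary still carries both capabilities, accepting both the older (`path = caps+eip`) and newer (`path caps=eip`) `getcap` output formats. The function names are made up for this example, and it assumes key-based ssh to the workers and `getcap` on the remote PATH.

```shell
#!/bin/sh
# Added example (not from the thread, not BroControl code).
# The path and capability names are the ones quoted in the thread.
BRO_BIN=/usr/local/bro/bin/bro
SETCAP_FIX="sudo setcap cap_net_raw,cap_net_admin=eip $BRO_BIN"

# has_capture_caps LINE
# LINE is one line of `getcap` output (empty when the file has no capabilities).
# Returns 0 only if cap_net_raw and cap_net_admin are each listed in a clause
# whose flags include both "e" (effective) and "p" (permitted).
# Only simple clauses such as "a,b+eip" or "a,b=eip" are handled.
has_capture_caps() {
    caps=${1#* }        # drop the leading path
    caps=${caps#= }     # older libcap prints "path = caps"
    for need in cap_net_raw cap_net_admin; do
        found=no
        for clause in $caps; do
            names=${clause%%[=+]*}       # e.g. "cap_net_admin,cap_net_raw"
            flags=${clause#"$names"}     # e.g. "+eip" or "=eip"
            case ",$names," in *",$need,"*) ;; *) continue ;; esac
            case $flags in *e*p*|*p*e*) found=yes ;; esac
        done
        [ "$found" = yes ] || return 1
    done
    return 0
}

# verdict HOST LINE: print a one-line status for HOST.
verdict() {
    if has_capture_caps "$2"; then
        echo "$1: ok"
    else
        echo "$1: capabilities missing, run: $SETCAP_FIX"
    fi
}

if [ $# -gt 0 ]; then
    # Real use: pass the worker hosts, e.g. 172.31.41.33 172.31.41.31
    rc=0
    for host in "$@"; do
        if line=$(ssh -o BatchMode=yes "$host" getcap "$BRO_BIN" 2>/dev/null); then
            verdict "$host" "$line"
            has_capture_caps "$line" || rc=1
        else
            echo "$host: could not run getcap (host down or getcap not in PATH)"
            rc=1
        fi
    done
    exit $rc
else
    # No arguments: run over constructed sample lines (not captured output).
    verdict "sample-old-libcap"   "$BRO_BIN = cap_net_admin,cap_net_raw+eip"
    verdict "sample-new-libcap"   "$BRO_BIN cap_net_admin,cap_net_raw=eip"
    verdict "sample-after-deploy" ""
fi
```

Run it with the worker addresses as arguments after each "broctl install" or "broctl deploy"; a non-zero exit status means at least one worker needs the "setcap" again or could not be checked.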

