[Bro] Broctl Worker Issues
Davison, Charles Robert
cdaviso1 at vols.utk.edu
Wed Sep 16 11:48:26 PDT 2015
Finally working,
I started from scratch and made sure my workers had all the same dependencies and optional dependencies as my manager did and everything is working now:
[BroControl] > status
Getting process status ...
Getting peer status ...
Name         Type       Host             Status    Pid    Peers  Started
manager      manager    172.31.38.121    running   1440   2      16 Sep 18:43:35
proxy-1      proxy      172.31.38.121    running   1479   2      16 Sep 18:43:36
worker-1     worker     172.31.38.122    running   5550   2      16 Sep 18:43:38
[BroControl] >
________________________________________
From: Daniel Thayer <dnthayer at illinois.edu>
Sent: Tuesday, September 15, 2015 1:10 PM
To: Davison, Charles Robert; bro at bro.org
Subject: Re: [Bro] Broctl Worker Issues
I'm guessing you probably ran the setcap on the manager. Actually,
it really only needs to be run on the workers. However, doing
a "broctl install" or "broctl deploy" will overwrite the bro
executable on the worker machines, and then you'd need to do
the "setcap" again before starting bro.
In any case, the output of "broctl diag" is often useful to see why a
bro node crashed.
On 09/15/2015 12:24 PM, Davison, Charles Robert wrote:
> 1. Complete
> 2. Complete: sudo setcap cap_net_raw,cap_net_admin=eip /usr/local/bro/bin/bro
> 3. Error:
>
> [BroControl] > ps.bro
> USER PID PPID %CPU %MEM VSZ RSS TT S STARTED TIME COMMAND
> >>> 172.31.41.32
> >>> 172.31.41.33
> >>> 172.31.41.31
> [BroControl] > deploy
> checking configurations ...
> installing ...
> removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/site ...
> removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/auto ...
> creating policy directories ...
> installing site policies ...
> generating cluster-layout.bro ...
> generating local-networks.bro ...
> generating broctl-config.bro ...
> generating broctl-config.sh ...
> updating nodes ...
> stopping ...
> worker-1 not running (was crashed)
> worker-2 not running (was crashed)
> proxy-1 not running (was crashed)
> manager not running (was crashed)
> starting ...
> starting manager ...
> starting proxy-1 ...
> starting worker-1 ...
> starting worker-2 ...
> worker-1 terminated immediately after starting; check output with "diag"
> worker-2 terminated immediately after starting; check output with "diag"
> [BroControl] >
>
>
>
> ________________________________________
> From: Daniel Thayer <dnthayer at illinois.edu>
> Sent: Tuesday, September 15, 2015 9:41 AM
> To: Davison, Charles Robert; bro at bro.org
> Subject: Re: [Bro] Broctl Worker Issues
>
> 1) Make sure all Bro processes are stopped:
> a) broctl stop
> b) broctl ps.bro
> If you see any Bro processes, then kill them before proceeding to
> next step. If you see any error or warning messages, then
> these need to be addressed before proceeding.
>
> 2) Since you're not running broctl as the "root" user, you need to make
> sure bro workers have permission to capture packets:
>
> https://www.bro.org/documentation/faq.html#how-can-i-capture-packets-as-an-unprivileged-user
>
> 3) Start Bro
> a) broctl deploy
> b) There should not be any errors or warnings.
>
>
> On 09/15/2015 08:41 AM, Davison, Charles Robert wrote:
>> When I try and start broctl on all my workers I receive the following:
>>
>>
>> ubuntu at ip-172-31-41-32:~$ /usr/local/bro/bin/broctl start
>>
>> starting manager ...
>>
>> starting proxy-1 ...
>>
>> starting worker-1 ...
>>
>> starting worker-2 ...
>>
>> worker-1 terminated immediately after starting; check output with "diag"
>>
>> worker-2 terminated immediately after starting; check output with "diag"
>>
>>
>>
>> This was my output from the diag:
>>
>>
>> Bro 2.4.1
>>
>> Linux 3.13.0-48-generic
>>
>>
>> No gdb installed.
>>
>>
>> ==== reporter.log
>>
>> #separator \x09
>>
>> #set_separator ,
>>
>> #empty_field (empty)
>>
>> #unset_field -
>>
>> #path reporter
>>
>> #open 2015-09-15-13-38-43
>>
>> #fields ts level message location
>>
>> #types time enum string string
>>
>> 0.000000 Reporter::WARNING SumStat key request for the
>> J1pRzdrrLK8 SumStat uid took longer than 1 minute and was automatically
>> cancelled.
>> /usr/local/bro/share/bro/base/frameworks/sumstats/./cluster.bro, line 218
>>
>>
>> ==== stderr.log
>>
>>
>> ==== stdout.log
>>
>> max memory size (kbytes, -m) unlimited
>>
>> data seg size (kbytes, -d) unlimited
>>
>> virtual memory (kbytes, -v) unlimited
>>
>> core file size (blocks, -c) unlimited
>>
>>
>> ==== .cmdline
>>
>> -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl
>> base/frameworks/cluster local-manager.bro broctl/auto
>>
>>
>> ==== .env_vars
>>
>> PATH=/usr/local/bro/bin:/usr/local/bro/share/broctl/scripts:/usr/local/bro/bin:/usr/local/bro/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
>>
>> BROPATH=/usr/local/bro/spool/installed-scripts-do-not-touch/site::/usr/local/bro/spool/installed-scripts-do-not-touch/auto:/usr/local/bro/share/bro:/usr/local/bro/share/bro/policy:/usr/local/bro/share/bro/site
>>
>> CLUSTER_NODE=manager
>>
>>
>> ==== .status
>>
>> RUNNING [net_run]
>>
>>
>> ==== No prof.log
>>
>>
>> ==== No packet_filter.log
>>
>>
>> ==== loaded_scripts.log
>>
>> #separator \x09
>>
>> #set_separator ,
>>
>> #empty_field (empty)
>>
>> #unset_field -
>>
>> #path loaded_scripts
>>
>> #open 2015-09-15-13-34-43
>>
>> #fields name
>>
>> #types string
>>
>> [proxy-1]
>>
>>
>> Bro 2.4.1
>>
>> Linux 3.13.0-48-generic
>>
>>
>> No gdb installed.
>>
>>
>> ==== No reporter.log
>>
>>
>> ==== stderr.log
>>
>>
>> ==== stdout.log
>>
>> max memory size (kbytes, -m) unlimited
>>
>> data seg size (kbytes, -d) unlimited
>>
>> virtual memory (kbytes, -v) unlimited
>>
>> core file size (blocks, -c) unlimited
>>
>>
>> ==== .cmdline
>>
>> -U .status -p broctl -p broctl-live -p local -p proxy-1 local.bro broctl
>> base/frameworks/cluster local-proxy broctl/auto
>>
>>
>> ==== .env_vars
>>
>> PATH=/usr/local/bro/bin:/usr/local/bro/share/broctl/scripts:/usr/local/bro/bin:/usr/local/bro/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
>>
>> BROPATH=/usr/local/bro/spool/installed-scripts-do-not-touch/site::/usr/local/bro/spool/installed-scripts-do-not-touch/auto:/usr/local/bro/share/bro:/usr/local/bro/share/bro/policy:/usr/local/bro/share/bro/site
>>
>> CLUSTER_NODE=proxy-1
>>
>>
>> ==== .status
>>
>> RUNNING [net_run]
>>
>>
>> ==== No prof.log
>>
>>
>> ==== No packet_filter.log
>>
>>
>> ==== No loaded_scripts.log
>>
>> [worker-1]
>>
>> error running crash-diag for worker-1
>>
>> Host 172.31.41.33 is not alive
>>
>> [worker-2]
>>
>> error running crash-diag for worker-2
>>
>> Host 172.31.41.31 is not alive
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
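The point made in the thread, that "broctl install" or "broctl deploy" overwrites the bro executable on the workers and the "setcap" then has to be repeated, can be checked on each worker after a deploy. The script below is an added example, not part of the original messages or of BroControl; the function names caps_ok and check_bro_caps and the sample getcap lines are constructed here, and the two output styles handled are the ones printed by older and newer libcap releases.

```shell
#!/bin/sh
# Added example: check that the bro binary still carries the file
# capabilities needed for unprivileged packet capture.
# Path and capability set are the ones quoted in the thread.
BRO_BIN="${BRO_BIN:-/usr/local/bro/bin/bro}"

# caps_ok LINE
# Succeeds when one line of getcap output grants both cap_net_raw and
# cap_net_admin with the effective (e) and permitted (p) flags.
# Accepts "path = caps+eip" (older libcap) and "path caps=eip" (newer).
# Assumes the path itself contains no spaces.
caps_ok() {
    spec=${1#* }                      # drop the file path
    spec=${spec#= }                   # drop the "= " older getcap prints
    [ "$spec" != "$1" ] || return 1   # nothing after the path: no caps set
    have_raw=0
    have_admin=0
    for clause in $spec; do           # a cap string may hold several clauses
        names=${clause%%[+=]*}        # e.g. cap_net_admin,cap_net_raw
        flags=${clause#"$names"}      # e.g. +eip or =eip
        case $flags in *e*) ;; *) continue ;; esac
        case $flags in *p*) ;; *) continue ;; esac
        case ",$names," in *,cap_net_raw,*) have_raw=1 ;; esac
        case ",$names," in *,cap_net_admin,*) have_admin=1 ;; esac
    done
    [ "$have_raw" -eq 1 ] && [ "$have_admin" -eq 1 ]
}

# check_bro_caps
# Run on a worker after "broctl deploy". Returns 0 if the capabilities
# are in place, 1 if they are missing, 2 if getcap is not installed.
check_bro_caps() {
    if ! command -v getcap >/dev/null 2>&1; then
        echo "getcap not found (libcap tools not installed)" >&2
        return 2
    fi
    out=$(getcap "$BRO_BIN" 2>/dev/null)
    if caps_ok "$out"; then
        echo "OK: $out"
    else
        echo "Capabilities missing on $BRO_BIN; re-run before starting bro:" >&2
        echo "  sudo setcap cap_net_raw,cap_net_admin=eip $BRO_BIN" >&2
        return 1
    fi
}

# Offline demonstration on constructed getcap output lines
# (not captured from the hosts in the thread). The empty line stands
# for a binary whose capabilities were cleared by a fresh install.
while IFS= read -r sample; do
    if caps_ok "$sample"; then
        echo "ok       [$sample]"
    else
        echo "missing  [$sample]"
    fi
done <<'EOF'
/usr/local/bro/bin/bro = cap_net_admin,cap_net_raw+eip
/usr/local/bro/bin/bro cap_net_admin,cap_net_raw=eip
/usr/local/bro/bin/bro cap_net_raw=eip

EOF
```

Calling check_bro_caps on each worker after a deploy and before starting the nodes shows whether the capability step has to be repeated there.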