[Bro] Bro (4.2.1) &synchronized attribute doesn't seem to be working with default cluster configuration

Luke Young youn1614 at umn.edu
Tue Apr 5 09:20:01 PDT 2016


I seem to be having an issue with the &synchronized attribute when running
in a cluster configuration on the latest stable release, Bro 4.2.1. I've
condensed it down into a small re-produceable proof of concept.

I took a standard bro install, appended the following POC to local.bro:
sync.bro
<https://gist.github.com/innoying/14bf431e5d5d8695d12f5668e1d2afc6#file-sync-bro>

I configured a manager, 2 proxies and 2 workers: node.cfg
<https://gist.github.com/innoying/14bf431e5d5d8695d12f5668e1d2afc6#file-node-cfg>

Finally I deployed the configuration and scripts via broctl and checked the
output: broctl.stdout
<https://gist.github.com/innoying/14bf431e5d5d8695d12f5668e1d2afc6#file-broctl-stdout>

Since the "pids" set has the "&synchronized" attribute one would expect
that as each node appends it's own pid the "pids" set would grow, however
this is not the behavior observed.

Am I missing something obvious for this functionality to work?

Thanks,
Luke Young
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160405/5d27cc75/attachment.html 


More information about the Bro mailing list