[Bro] Bro 2.5 Logger crash --> Broken Log Directory naming

Ryan Leonard rleonar7 at uoregon.edu
Fri Dec 23 11:08:55 PST 2016


Hello all,

I've recently come to be responsible for a Bro server and am doing my best
to keep everything running smoothly at the moment.

We are running a cluster configuration on a single physical machine.
Recently we updated to Bro 2.5 from 2.4. Additionally, we modified our
cluster configuration to enable 1 logger process alongside 16 workers, 3
proxies, and 1 manager process (prior we were running without the logger and
were seeing the manager crashing regularly due to memory constraints).

The output log file structure has had a strange file naming for a short
period of time around 2am last night. It seems that the incorrect file
naming may correspond to the logger having crashed. It seems when the Logger
process is being brought back online by the Broctl Cron task, the logger
logs to a strange directory naming for some short period of time.

Strange log directory naming:

[/bro/logs]$ du -h 20*
1.7G    2000-00-
1.7G    2000-59-
3.3G    2010-00-
67G     2016-12-21
160G    2016-12-22
84G     2016-12-23
1.9G    2020-00-
1.6G    2021-16-
5.1G    2030-00-
8.0K    2030-16-
3.2G    2040-00-
1.9G    2040-10-
1.7G    2050-00-
1.9G    2050-05-

How can I ensure that when the logger comes online after a crash that it
won't use a strange directory naming?

Thanks for any thoughts or help!

Best Regards,

-Ryan

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: LoggerCrashReport.txt
Url: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161223/6ec05caf/attachment.txt 