[Bro] log streams in a bro cluster
Luis Martin Liras
martin.liras at gmail.com
Wed Jun 8 01:43:04 PDT 2016
Hi all,
I need some help with the logs generated by a Bro Cluster:
I have 5 bro scripts that run in all workers of my cluster
infrastructure. All of them work OK, sending notices to the manager and
all the staff, but one of them should create a LOG stream (warnings.log)
that I can't find anywhere:
Log::create_stream(umas::WARN, [$columns=warn_info,$path="warnings"]);
If I run my script in a single bro installation, all logs and notices
seem to work, but I need it working in a cluster infrastructure.
I expected this Log stream to be sent to the 'logs' directory in the
manager, but that log file is not there. Only standard log files
(dns.log, http.log, stdout.log, etc) are copied to the 'logs' directory.
This warnings.log file do not appear either anywhere in the worker, and
not error log file is shown, so... I'm lost.
I anyone can shed some light into this, I would appreciate it.
The other problem I have is the following: My script should open a
config file. In a single machine infrastructure this config file is in
the same directory of the scripts, and everything work fine. The file is
opened and read. However in a cluster infrastructure the file is not
opened in the workers. I find that the file is copied by broctl to the
worker BUT it is not read when the bro script is running. Anyone can
tell me what I'm doing wrong or where should I locate that file in the
workers?
Thank you for any help!!
More information about the Bro
mailing list