[Bro] required ports open for cluster?

erik clark philosnef at gmail.com
Tue Nov 8 04:13:29 PST 2016


(Sorry, accidentally sent this to just Justin)...

Cool. I had punched the holes after running tcpdump on it for a while and
saw it trying to talk back. However, the one thing I don't understand is
that my logs aren't being written back to the logger host, even though
communication is open.

/data/bro/logs/current

is empty on the logger. All I have there is an stderr.log and an stdout.log.
Neither the workers on the logger machine itself, nor the remote host, are
logging to that directory. Are they being kept somewhere else? I don't see
them anywhere in the /data/bro/(spool/log) directory....

On Mon, Nov 7, 2016 at 12:24 PM, Azoff, Justin S <jazoff at illinois.edu>
wrote:

> It will be in the documentation for 2.5
>
> https://www.bro.org/sphinx-git/components/broctl/README.html#bro-communication
>
> --
> - Justin Azoff
>
> > On Nov 7, 2016, at 12:13 PM, erik clark <philosnef at gmail.com> wrote:
> >
> > Ok, so I don't see this in any documentation on bro.org. I have a logger
> > running on the same box as the manager, but I do not see any logs being
> > generated in /data/bro/logs/current.
> >
> > I am assuming this is because traffic is being dropped on the floor
> > because iptables is in a default reject state? Where is the explicit
> > listing of ports that you need to punch in either firewalld or iptables?
> >
> > https://www.bro.org/sphinx/components/broctl/README.html
> >
> > does not have them listed, or any rule to have an entry in node.cfg to
> > set the port to a specific number... Thanks!