[Bro] 2.5 Beta cluster issue

[eshelton]

Previously, I have successfully run a 2.4.1 Bro cluster with 160 workers
processes. After updating to 2.5_beta, I'm suddenly seeing an issue crop up
where I'm unable to start this same number of worker processes without the
manager and logger crashing either immediately, or shortly after restarting
the cluster. I'm able to successfully get to 140 worker processes, but when
I try to add the last two nodes (10 worker procs each) back into the mix,
things go wonky quickly. There is no crash report being generated as I
would have normally expected. I have checked for orphan processes within
the cluster, and none exist.

I'm wondering if this is re-manifestation of an issue Justin Azoff assisted
me with in the past (Bro 2.4.1 cluster) where he noted that around 180
worker procs, this sort of issue can happen. In this previous case after
finding orphaned worker processes and killing them, I was able to
successfully start my cluster at full strength.

Any input regarding this issue would be greatly appreciated.

Respectfully,

-Erin Shelton

Program Manager: Incident Response and Network Security
Office of Information Technology
University of Colorado Boulder
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161006/10ce316d/attachment.html