[Bro] Bro crashing on start

Johanna Amann johanna at icir.org
Fri Oct 14 06:18:23 PDT 2016 

Hello Drake,

I am not aware of any changes that we did that should cause this kind of
error, so I assume that the reason for this is not the updated pfring, and
not the updated Bro.

Could you check if this indeed does work with Bro 2.4.1 and the new
pfring, or if Bro 2.4.1 and the new pfring fails in the same way and
report back? :)

Thanks,
 Johanna

On Thu, Oct 06, 2016 at 11:01:50PM -0400, Drake Aronhalt wrote:
> All,
>   This morning I updated bro and pfring on my dev sensor to their
> respective git master branches and started receiving this error when I try
> to start bro:
> 
> # broctl start
> 
> starting logger ...
> 
> starting manager ...
> 
> starting proxy-1 ...
> 
> starting worker-1-1 ...
> 
> starting worker-1-2 ...
> 
> starting worker-1-3 ...
> 
> starting worker-1-4 ...
> 
> starting worker-1-5 ...
> 
> worker-1-5 terminated immediately after starting; check output with "diag"
> 
> worker-1-4 terminated immediately after starting; check output with "diag"
> 
> worker-1-1 terminated immediately after starting; check output with "diag"
> 
> worker-1-3 terminated immediately after starting; check output with "diag"
> 
> worker-1-2 terminated immediately after starting; check output with "diag"
> 
> 
> running 'broctl diag' gives me this
> 
>       fatal error: problem with interface eno33557248 (pcap_error: BPF
> program is not valid)
> 
> 
> 
> pf_ring is loading properly as far as I can tell. My node.cfg is below:
> 
> 
> [logger]
> 
> type=logger
> 
> host=localhost
> 
> 
> [manager]
> 
> type=manager
> 
> host=localhost
> 
> 
> [proxy-1]
> 
> type=proxy
> 
> host=localhost
> 
> 
> [worker-1]
> 
> type=worker
> 
> host=localhost
> 
> interface=eno33557248
> 
> lb_method=pf_ring
> 
> lb_procs=5
> 
> pin_cpus=2,3,4,5,6
> 
> 
> Any ideas on what causes this? Should I just roll back to my last config
> that worked, or did I miss a change in bro 2.5 config?
> 
> 
> Drake

> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list