[Bro] All cluster instances are stopped yet their process is alive

Daniel Thayer dnthayer at illinois.edu
Thu Aug 10 08:21:51 PDT 2017


I wonder if you have two different installations of Bro on your machine
(such as /usr/local/bro and /usr/local/bro.old, for example).
If so, you will need to be careful to use only one of them.

Also, be careful to not delete any files in the "spool"
directory.  Otherwise, broctl might lose track of the bro
processes that it started.


On 8/8/17 3:32 AM, william de ping wrote:
> Hi,
>
> I am encountering a strange behavior here. I have a cluster (1
> manager, 1 proxy, 8 workers) and after a while:
>
>   * For some reason all of its instances appear as stopped
>   * In the spool directory, I see an empty debug.log, manager folder and
>     NO workers\tmp\proxy folders
>   * Logs are still being written to the manager folder
>   * All of bro's instances are actually still alive
>
> I used to have a "broctl cron" task in crontab, but it has been
> commented out.
>
> I ran Broctl using root user, and I see that all of bro's processes run
> as root.
>
>
> Any advice on this issue?
>
>
> Thanks
>
> B
>

