[Bro] Bro error: "too many values to unpack"

fatema bannatwala fatema.bannatwala at gmail.com
Tue Mar 14 12:26:14 PDT 2017


Hi Johanna,

The proxies, workers, logger and manager, all defined with the host field
as their fqdn, in node.cfg.
For ex:
[logger]
type=logger
host=manager.udel.edu

[manager]
type=manager
host=manager.udel.edu

[proxy-1]
type=proxy
host=worker1.udel.edu

[worker-1]
type=worker
host=worker1.udel.edu
interface=eth1
lb_method=pf_ring
lb_procs=22
pin_cpus=4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46

I run into this issue once in a while, and think maybe because the manager
or workers might be overloaded during restart and
hence manager isn't able to connect to one of the workers (proxy), and
connection times out? but didn't really got to know the reason of
the other part of the error ("too many values.."). Thanks for looking into
it. Appreciate it.

Thanks,
Fatema.


On Tue, Mar 14, 2017 at 2:08 PM, Johanna Amann <johanna at icir.org> wrote:

> Random guess - can you search if you specified http://... instead of just
> the IP address in node.cfg?
>
> Johanna
>
> On Wed, Mar 08, 2017 at 12:51:21PM -0500, fatema bannatwala wrote:
> > I usually once in a while run into an error, when I do a restart on the
> bro
> > cluster.
> > The restart successes but not sure what those error lines mean, as I
> don't
> > find
> > anything abnormal after bro cluster restarts.
> >
> > Does anyone have a clue?
> >
> > [fatema at mng site]$ /usr/local/bin/restart-bro
> > removing old policies in
> > /mnt/brolog/spool/installed-scripts-do-not-touch/site ...
> > removing old policies in
> > /mnt/brolog/spool/installed-scripts-do-not-touch/auto ...
> > creating policy directories ...
> > installing site policies ...
> > generating cluster-layout.bro ...
> > generating local-networks.bro ...
> > generating broctl-config.bro ...
> > generating broctl-config.sh ...
> > updating nodes ...
> > *Error: cannot create a directory on node proxy-3*
> > *Error: Failed to establish ssh connection to host 10.10.24.211
> > <http://10.10.24.211>: too many values to unpack*
> > stopping ...
> > stopping worker-1-1 ...
> > stopping worker-1-10 ...
> > stopping worker-1-11 ...
> > stopping worker-1-12 ... And SO ON
> > ...
> > starting ...
> > starting logger ...
> > starting manager ...
> > starting proxy-1 ...
> > starting proxy-2 ...
> > starting proxy-3 ...
> > starting proxy-4 ...
> > starting worker-1-1 ...
> > starting worker-1-10 ...
> > starting worker-1-11 ... And SO ON
> >
> > The restart-bro script looks something like this:
> >
> > #!/bin/sh
> >
> > sudo -u bro /usr/local/bro/default/bin/broctl install
> > sudo /usr/local/bro/bin/fix-perms
> > sudo -u bro /usr/local/bro/default/bin/broctl restart
> > sudo /usr/local/bro/bin/restart-bro-dependents
> >
> > Thanks,
> > Fatema.
>
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170314/90197888/attachment.html 


More information about the Bro mailing list