[Bro] broctl print capture_filters failing

Perry, David perry29 at llnl.gov
Wed Apr 11 15:07:51 PDT 2018 

Thanks, Aashish.  It does work.

> On Apr 11, 2018, at 1:36 PM, Aashish Sharma <asharma at lbl.gov> wrote:
> 
> David, 
> 
> I have started using a different technique for debug/dumping now:
> 
> I tap into "event reporter_info" 
> 
> rough example : 
> 
> $cat a.bro  
> 
> redef capture_filters += { ["my-net"] = "(vlan and not net 1.2.0.0/16) or not net 1.2.0.0/16", } ; 
> 
> event bro_init()
> {
>    local _msg = "" ; 
> 
>        for (a in capture_filters)
>        { 
>               _msg = fmt ("capture-filters: %s-> %s", a, capture_filters[a]);
>                event reporter_info(network_time(), _msg, peer_description);   
>        } 
> }
> 
> 
> then run as: bro -i eth0 ./a.bro 
> 
> 
> $cat reporter.log  | fgrep capture-filters 
> 
> 
> you should see the output. 
> 
> event reporter_info is a good event to tap for dumping info in a cluster setup.
> Basically I've used it as a cluster version of "print fmt (" used in standalone. 
> 
> Hope this helps, 
> Aashish 
> 
> 
> On Wed, Apr 11, 2018 at 07:58:43PM +0000, Perry, David wrote:
>> I have a two-worker cluster running on an Ubuntu VM.  Bro was installed from the packages provided by OpenSUSE.
>> Ubuntu 16.04.4 LTS
>> Bro 2.5.3
>> BroControl Version 1.7.
>> 
>> Aside from commenting out most "@load protocols/xxx" lines, I have made minimal changes to the configuration.
>> 
>> I am debugging capture filters but unfortunately broctl print capture_filters throws an error.  'broctl status' works fine.
>> 
>> broctl status
>> Name         Type    Host             Status    Pid    Started
>> manager      manager localhost        running   11704  10 Apr 15:09:24
>> proxy-1      proxy   localhost        running   11880  10 Apr 15:09:25
>> worker-1     worker  localhost        running   11937  10 Apr 15:09:27
>> worker-2     worker  localhost        running   11938  10 Apr 15:09:27
>> 
>> broctl print capture_filters
>>     manager   <error: cannot connect to 127.0.0.1:47761>
>>     proxy-1   <error: cannot connect to 127.0.0.1:47762>
>>    worker-1   <error: cannot connect to 127.0.0.1:47763>
>>    worker-2   <error: cannot connect to 127.0.0.1:47764>
>> 
>> I added 'Debug=1' to broctl.cfg, re-ran the commands and looked in /opt/bro/spool/debug.log but found no additional information.
>> 
>> Perhaps I am still missing some software?  Incompatible version of python-broccoli (came from Ubuntu)?
>> 
>> David
> 
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>

More information about the Bro mailing list