[Bro] Bro logger not starting with mounted directories
Jeffrey Poore
openshift.ninja at gmail.com
Mon Oct 1 07:47:07 PDT 2018
So I have a Bro cluster running in some containers, with a single
instance of each node type, manager, logger, proxy and worker, all
running on different servers. Log files get written to
/usr/local/bro-2.5.4/spool/logger on the logger host, and then they get
moved to folders under /usr/local/bro-2.5.4/logs. Everything is working
ok, but I want to be able to write the logs to a mounted volume so that
they can be seen outside the container. I tried mounting folders for
both the bro/spool/logger folder and then also the bro/logs folder, but
then the logger won't start (I checked that the permissions for the
folder allow for reading and writing of any user inside the container,
although currently the process is running as root). I was able to mount
the bro/logs folder and start everything ok, but obviously the files
written to the bro/spool/logger folder are only rotated over to the
bro/logs folder periodically.
Does anyone have any ideas why the logger wouldn't start? The command to
start the logger doesn't seem to output any obvious message that would
indicate why it failed, and the bro process itself isn't running after
the execution.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20181001/afd891e5/attachment.html
More information about the Bro
mailing list