All cluster instances are stopped yet their process is alive

william_de_ping · August 8, 2017, 8:32am

Hi,

I am encountering a strange behavior here, I have a cluster (1 manager,1proxy,8 workers) and after a while :

For some reason all of its instances appears as stopped
In the spool directory, I see an empty debug.log, manager folder and NO workers\tmp\proxy folders
Logs are still being written to the manager folder
All of bro’s instances are actually still alive

I used to have a “broctl cron” task in crontab, but it has been commented out

I ran Broctl using root user, and I see that all of bro’s processes run as root.

any advice on this issue ?

Thanks

B

Daniel_Thayer · August 10, 2017, 3:21pm

I wonder if you have two different installations of Bro on your machine
(such as /usr/local/bro and /usr/local/bro.old, for example).
If so, you will need to be careful to use only one of them.

Also, be careful to not delete any files in the "spool"
directory. Otherwise, broctl might lose track of the bro
processes that it started.

Topic		Replies	Views
all broctl instances are running yet broctl status shows stopped Zeek	7	73	May 6, 2022
- broctl running, no new logs Zeek	1	70	May 6, 2022
Possible Bro Cluster communication issue? Zeek	6	98	May 6, 2022
Bro processes not stopping on 'broctl restart' Zeek	1	64	May 6, 2022
broctl process tracking problems Development development	6	171	May 6, 2022

All cluster instances are stopped yet their process is alive

Related topics