I am attempting to figure out how to get a Bro Cluster up and running, but all documentation I see is outdated. I am trying to use the latest SVN (though if you know how to do it with 1.5, I'll figure out the differences between the two), and I am having problems.
First of all, I have the manager and proxy nodes as the main box, with two workers being in virtualized OSes. They can all ping each other, so I know they are connected. I do not know how to start up bro in this method though. Should I be starting bro on the workers, then broctl on the manager? Vice Versa? Only start broctl?
My other problem is a new one, I am now getting an error when I try to start broctl on the manager node. It keeps telling me that the broctl start script can only be run on a manager node, is there some place to tell it this is the manager (it was working before, the errors I got were related to the workers, not the manager).
Sorry for the long email, but I have been working for quite a while and I can't figure this out. I have also spent a long time searching for help that's out there already, sorry if I missed it.
First of all, I have the manager and proxy nodes as the main box,
with two workers being in virtualized OSes. They can all ping each
other, so I know they are connected. I do not know how to start up
bro in this method though. Should I be starting bro on the workers,
then broctl on the manager? Vice Versa? Only start broctl?
I haven't tried such a setup yet but generally it shouldn't make a
difference whether the workers are in VMs or not. Use broctl (only)
on the manager, per the README.
broctl start script can only be run on a manager node, is there some
place to tell it this is the manager (it was working before, the
errors I got were related to the workers, not the manager).
Depending on the version you're using, this patch might or might not
be applied: