Bro error: "too many values to unpack"

fatema_bannatwala · March 8, 2017, 5:51pm

I usually once in a while run into an error, when I do a restart on the bro cluster.
The restart successes but not sure what those error lines mean, as I don’t find
anything abnormal after bro cluster restarts.

Does anyone have a clue?

[fatema@mng site]$ /usr/local/bin/restart-bro
removing old policies in /mnt/brolog/spool/installed-scripts-do-not-touch/site …
removing old policies in /mnt/brolog/spool/installed-scripts-do-not-touch/auto …
creating policy directories …
installing site policies …
generating cluster-layout.bro …
generating local-networks.bro …
generating broctl-config.bro …
generating broctl-config.sh …
updating nodes …
Error: cannot create a directory on node proxy-3
Error: Failed to establish ssh connection to host 10.10.24.211: too many values to unpack

stopping …
stopping worker-1-1 …
stopping worker-1-10 …
stopping worker-1-11 …
stopping worker-1-12 … And SO ON

…

starting …
starting logger …
starting manager …
starting proxy-1 …
starting proxy-2 …
starting proxy-3 …
starting proxy-4 …
starting worker-1-1 …
starting worker-1-10 …
starting worker-1-11 … And SO ON

The restart-bro script looks something like this:

#!/bin/sh

sudo -u bro /usr/local/bro/default/bin/broctl install
sudo /usr/local/bro/bin/fix-perms
sudo -u bro /usr/local/bro/default/bin/broctl restart
sudo /usr/local/bro/bin/restart-bro-dependents

Thanks,
Fatema.

johanna · March 14, 2017, 6:08pm

Random guess - can you search if you specified http://… instead of just
the IP address in node.cfg?

Johanna

fatema_bannatwala · March 14, 2017, 7:26pm

Hi Johanna,

The proxies, workers, logger and manager, all defined with the host field as their fqdn, in node.cfg.

For ex:
[logger]
type=logger
host=manager.udel.edu

[manager]
type=manager
host=manager.udel.edu

[proxy-1]
type=proxy
host=worker1.udel.edu

[worker-1]
type=worker
host=worker1.udel.edu
interface=eth1
lb_method=pf_ring
lb_procs=22
pin_cpus=4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46

I run into this issue once in a while, and think maybe because the manager or workers might be overloaded during restart and

hence manager isn’t able to connect to one of the workers (proxy), and connection times out? but didn’t really got to know the reason of

the other part of the error (“too many values…”). Thanks for looking into it. Appreciate it.

Thanks,

Fatema.

Topic		Replies	Views
Bro Cluster Issue Zeek	2	64	May 6, 2022
proxy crashing on Bro cluster Zeek	7	97	May 6, 2022
Going from standalone to Bro cluster error Zeek	3	64	May 6, 2022
Host key verification failed. Zeek	9	91	May 6, 2022
Basic Cluster Install Issues Zeek	2	72	May 6, 2022

Bro error: "too many values to unpack"

Related Topics