I am running Bro on Ubuntu LTS 16.04 and I just upgraded the kernel from linux-image-4.4.0-62-generic_4.4.0-62 to linux-image-4.4.0-62-generic_4.4.0-96 along with the headers (I first stopped bro before upgrading via broctl).
After I rebooted, I went into broctl and tried to re-start bro, but if failed. It said it couldn’t find /run-bro. So after checking to make sure all the files were where they were supposed to be, I thought that maybe the new image install had overwritten something. So I went back into broctl and ran the install command. Then I tried to start bro again. This time when it failed to start, the diag said it couldn’t find the interface of eth0. What was weird since I knew a/ didn’t have an interface with that name and b/ had already configured bro to use the correctly named interface. After some poking around, I realized that a new node.cfg had been created at /etc/bro along with new broccoli.conf, broctl.cfg and networks.cfg (well, I don’t know if they are new since they are dated back to 2015). These are different than the originally installed and correct files located at /usr/local/bro/etc.
How do I get broctl to point back to the correct cfg files?
Thanks.
Craig
Note: please excuse any delays in response as I currently don’t have constant access to Gmail