HI folks
I ran out of disk last week and after cleaning up I find that bro won't start. At first "broctl start" would hang after the 'starting manager…' you had to kill the processes.
I then reinstalled bro (keeping my config) and now I get:
sensors@secmontst01:~$ sudo broctl start
starting manager ...
manager terminated immediately after starting; check output with "diag"
so I did that:
sensors@secmontst01:~$ sudo broctl diag
[manager]
No gdb installed.
==== No reporter.log
==== stderr.log
error in /opt/bro/share/bro/base/frameworks/cluster/__load__.bro, line 16: can't open cluster-layout
==== stdout.log
unlimited
unlimited
unlimited
==== .cmdline
-U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto
==== .env_vars
PATH=/opt/bro/bin:/opt/bro/share/broctl/scripts:/sbin:/bin:/usr/sbin:/usr/bin
BROPATH=/var/opt/bro/spool/installed-scripts-do-not-touch/site::/var/opt/bro/spool/installed-scripts-do-not-touch/auto:/opt/bro/share/bro:/opt/bro/share/bro/policy:/opt/bro/share/bro/site
CLUSTER_NODE=manager
broctl.cfg:
## Global BroControl configuration file.
# Recipient address for all emails send out by Bro and BroControl.
MailTo = r.fulton@auckland.ac.nz
# Site-specific policy script to load. Bro will look for this in
# $PREFIX/share/bro/site. A default local.bro comes preinstalled
# and can be customized as desired.
SitePolicyStandalone = local.bro
# Location of other configuration files that can be used to customize
# BroControl operation (e.g. local networks, nodes).
CfgDir = /opt/bro/etc
# Location of the spool directory where files and data that are currently being
# written are stored.
SpoolDir = /home/sensors/data/test1/bro-spool
# Location of the log directory. This is longer term storage for rotated logs.
LogDir = /home/sensors/data/test1/bro-logs
# Rotation interval in seconds for log files on manager/standalone node.
LogRotationInterval = 3600
# Expiration interval for log files in LogDir. Files older than this many days
# will be deleted upon running "broctl cron".
# LogExpireInterval = 30
# Lower threshold for space available on the disk that holds SpoolDir. If less
# space is available, BroControl starts sending out warning emails.
MinDiskSpace = 5
# Logs debug information into spool/debug.log.
Debug = 1
network.cfg:
List of local networks in CIDR notation, optionally followed by a
# descriptive tag.
# For example, "10.0.0.0/8" or "fe80::/64" are valid prefixes.
172.24.0.0/16 UoA staff wireless
172.23.0.0/16 UoA student wireless
130.216.0.0/16 UoA wired
10.2.0.0/16 UoA resnet
node.cfg:
[manager]
type=manager
host=130.216.5.218
