I’m a new bro user and have tried to find the answer to this, but have had no luck. I’ve got version 2.1 installed. I can run bro in standalone mode with no problem, but I’ve tried to install a bro cluster with worker-1 on a remote host/VM with the same problem. Here is what I’ve tried to do:
created user jesse on both manager/proxy - 192.168.43.1
o configured node.cfg for manager and proxy to be 192.168.43.1
o configured node.cfg for worker-1 to be 192.168.43.130
o performed ssh-keygen as user jesse
o copied .ssh/rsa_id.pub to 192.168.43.130 /home/jesse/.ssh/authorized_keys
o able to ssh as jesse from 192.168.43.1 to 192.168.43.130 with no required password/passphrase
o added jesse to /etc/sudoers to do everything root can
created user jesse on worker-1 192.168.43.130 (VM)
o changed owner of /usr/local/bro to jesse
o added jesse to /etc/sudoers to do everything root can
as user jesse on manager/proxy > sudo broctl
[BroControl] > install
removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/site … done.
removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/auto … done.
creating policy directories … done.
installing site policies … done.
generating cluster-layout.bro … done.
generating local-networks.bro … done.
generating broctl-config.bro … done.
updating nodes … warning: host 192.168.43.130 is not alive <== Not sure why I got this
done.
[BroControl] > install
waiting for lock … ok
removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/site … done.
removing old policies in /usr/local/bro/spool/installed-scripts-do-not-touch/auto … done.
creating policy directories … done.
installing site policies … done.
generating cluster-layout.bro … done.
generating local-networks.bro … done.
generating broctl-config.bro … done.
updating nodes … done. <== Able to find 192.168.43.130 next time
[BroControl] > diag worker-1
[worker-1]
No work dir found
[BroControl] > start
starting manager …
starting proxy-1 …
starting worker-1 …
cannot create working directory for worker-1 <== Issue
cannot create working directory for [(<BroControl.node.Node instance at 0x18c14d0>, ‘/usr/local/bro/spool/worker-1’)] <== tried to put a debug statement in control.py to see the actual directory it was having issues with
I see nothing installed in /usr/local/bro/spool on worker-1
Thanks for any help you can give me