cannot create working directory

Good afternoon,

I am new to Bro, and have been trying to google around for some information, I am hoping one of you may have run into this before.

Our bro system stopped updating a bit ago, and when I go into the manager console and attempt to start things up, I get a cannot create working directory error messages for the nodes.

Have any of you run into this? It looks like it should be fairly straight forward, but I am very new to the system, and the specific installation of it.

Jim

First guess, full file system. Linux?

df -h

should get you space available numbers.

James

Are you running commands as the correct user?

– KS

I am checking that out, because that would make perfect sense.

Thanks much!

Well...

  It doesn't look like a permissions issue, all files are bro:bro, and the broctl.sh script looks to be running as bro.

Plenty of space on the drives.

It has been suggested that I take this as an opportunity to install the latest version of bro on the nodes. I have a couple of questions:

On Ubuntu, can I run the command to install the binaries, is this recommended, or should I compile, any advantage/risk to either method?

Do I need to update the brocntl machine as well, that one is running more than just Bro so I cannot take it down at will.

Thanks much,

Jim

You're not out of inodes are you?

df -i

- -Warren

Well...

It doesn't look like a permissions issue, all files are bro:bro,
and the broctl.sh script looks to be running as bro.

Plenty of space on the drives.

It has been suggested that I take this as an opportunity to install
the latest version of bro on the nodes. I have a couple of
questions:

On Ubuntu, can I run the command to install the binaries, is this
recommended, or should I compile, any advantage/risk to either
method?

Do I need to update the brocntl machine as well, that one is
running more than just Bro so I cannot take it down at will.

Thanks much,

Jim

[mailto:bro-bounces@bro.org] On Behalf Of James Lay Sent: Thursday,
May 23, 2013 4:24 PM To: bro@bro.org Subject: Re: [Bro] cannot
create working directory

Good afternoon,

I am new to Bro, and have been trying to google around for some
information, I am hoping one of you may have run into this
before.

Our bro system stopped updating a bit ago, and when I go into the
manager console and attempt to start things up, I get a cannot
create working directory error messages for the nodes.

Have any of you run into this? It looks like it should be fairly
straight forward, but I am very new to the system, and the
specific installation of it.

Jim

First guess, full file system. Linux?

df -h

should get you space available numbers.

James _______________________________________________ Bro mailing
list bro@bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

_______________________________________________ Bro mailing list
bro@bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

- --
Warren Raquel <wraquel@illinois.edu>
Incident Response and Security Team Lead
National Center for Supercomputing Applications
+1 (217) 333-2876
PGP Fingerprint:
F88E 960B 6193 A3ED 0BB2
45C7 7DF9 57DB 6DCF 34C1

Are you getting the error message for only one node,
or more than one?

Did you verify that you can connect to the affected nodes,
and that each node has plenty of free disk space? You
could try (make sure you get output from every node): "broctl df"

Have you tried this?

    broctl stop
    broctl cleanup
    broctl install
    broctl check
    broctl restart

Apparently that error comes from "mkdir -p" failing to make the spool
directory.

You can find what that is by running

    broctl config | grep spooldir

so for whatever reason it failing(or at least thinking it is failing) to
mkdir -p spooldir/worker-name. cleanup+install may fix things though (
unless you are really out of inodes)

broctl doesn't show stderr from the mkdir command, so logging into the
worker node and running mkdir -p manually might conclusively show why
this isn't working.