Knowing when a worker crashes

Hello,

What is the easiest way to monitor if a worker crashes?

And if a worker crashes, is there a way to automatically bring it back up?

Ambros

What is the easiest way to monitor if a worker crashes?
And if a worker crashes, is there a way to automatically bring it back up?

1) broctl cron helps. Running it every N (5?) mins will check if any worker has
crashed and will restart those:

### broctl cron: process and disk maintenance
*/5 * * * * /usr/local/bin/randsleep 59 && broctl cron

What is the easiest way to monitor if a worker crashes?

Additional checks (nagios plugins) that help:

2) Bro process counts:
  each bro worker is two bro processes + 1 run-bro process - so a nagios monitor (or a simple bro process count) helps too.

3) conn log line counts:
A while ago, I experienced an issue where bro process count checks out but bro
won't process the packets on the interfaces. So there is another check which
counts how many conn logs each worker is generating and if there is a
discrepancy (or a worker missing), it generates an alert.

For this you'd have to load conn-peer.bro: https://gist.github.com/JustinAzoff/446d0abba2c6dd8ff242

Hope this helps,
Aashish
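
A sketch of the per-worker conn log count check described in point 3, added here as an example and not taken from the thread or from the linked gist. It assumes conn-peer.bro adds a column named "peer" to conn.log; the worker names and the min_ratio threshold are hypothetical, and the log is a constructed sample.

```python
import io
import statistics
from collections import Counter

# Constructed sample: a Bro TSV conn.log trimmed to three columns. The "peer"
# column name is an assumption about what conn-peer.bro adds.
SAMPLE_LOG = "\n".join(
    ["#separator \\x09", "#fields\tts\tuid\tpeer"]
    + [f"1.0\tCa{i}\tworker-1" for i in range(40)]
    + [f"1.0\tCb{i}\tworker-2" for i in range(38)]
    + [f"1.0\tCc{i}\tworker-3" for i in range(3)]
    + ["#close\t2015-01-01-00-00-00"]
) + "\n"

def count_by_peer(stream, field="peer"):
    """Count conn.log entries per worker, locating the column via #fields."""
    counts, idx = Counter(), None
    for line in stream:
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            idx = line.split("\t")[1:].index(field)
        elif line and not line.startswith("#"):
            if idx is None:
                raise ValueError("no #fields header before data")
            counts[line.split("\t")[idx]] += 1
    return counts

def check_workers(counts, expected, min_ratio=0.25):
    """Return (nagios_status, message): 0 OK, 1 WARNING, 2 CRITICAL."""
    # A worker that logged nothing is the "process is up but not
    # processing packets" case from the post.
    missing = sorted(w for w in expected if counts.get(w, 0) == 0)
    if missing:
        return 2, "CRITICAL: no conn entries from " + ", ".join(missing)
    # Hypothetical discrepancy rule: far below the median of all workers.
    median = statistics.median(counts[w] for w in expected)
    low = sorted(w for w in expected if counts[w] < min_ratio * median)
    if low:
        return 1, "WARNING: low conn count on " + ", ".join(low)
    return 0, "OK: %d workers logging" % len(expected)

if __name__ == "__main__":
    import sys
    workers = ["worker-1", "worker-2", "worker-3", "worker-4"]
    status, message = check_workers(count_by_peer(io.StringIO(SAMPLE_LOG)), workers)
    print(message)
    sys.exit(status)
```

Run against the current conn.log from cron or as a nagios plugin; the exit code follows the nagios convention.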