Some questions about bro-2.5.4 cluster configuration

Hi,

Sorry for the last mail without title. I edit this mail agian.
I encounter two questions when do cluster configuration with bro-2.5.4. Could you please help me to answer it?

The first question:
This page: https://www.bro.org/sphinx/configuration/index.html gives the instruction about how to configure the node.cfg file on manager host. But do not give an example of node.cfg/networks.cfg of a worker/proxy host which is an another machine. Could you please give me some instructions about this？

The second question:
After start broctl, I run start command and found wroker was crashed. start command message is as following:

[BroControl] > start
starting logger …
starting manager …
starting proxy-1 …
starting worker-1 …
starting worker-2 …
(worker-2 still initializing)
(worker-1 still initializing)

The following is the error message of “diag worker-1”. The error message tells me libstdc++.so.6 does not support GLIBCXX_3.4.19 or GLIBCXX_3.4.15. But in fact, it supports.

/home/wangdejin/mybro/bin/bro: /usr/lib64/libstdc++.so.6: version GLIBCXX_3.4.19' not found (required by /home/wangdejin/mybro/bin/bro)* */home/wangdejin/mybro/bin/bro: /usr/lib64/libstdc++.so.6: version GLIBCXX_3.4.15’ not found (required by /home/wangdejin/mybro/bin/bro)

The following message shows the GLIBCXX version that libstdc++.so.6 supports.

[root@4A_secsom2 bin]# strings /usr/lib64/libstdc++.so.6 | grep “GLIBCXX”
GLIBCXX_3.4
GLIBCXX_3.4.1
GLIBCXX_3.4.2
GLIBCXX_3.4.3
GLIBCXX_3.4.4
GLIBCXX_3.4.5
GLIBCXX_3.4.6
GLIBCXX_3.4.7
GLIBCXX_3.4.8
GLIBCXX_3.4.9
GLIBCXX_3.4.10
GLIBCXX_3.4.11
GLIBCXX_3.4.12
GLIBCXX_3.4.13
GLIBCXX_3.4.14
GLIBCXX_3.4.15
GLIBCXX_3.4.16
GLIBCXX_3.4.17
GLIBCXX_3.4.18
GLIBCXX_3.4.19
GLIBCXX_FORCE_NEW
GLIBCXX_DEBUG_MESSAGE_LENGTH

my OS is CentOS release 6.4 (Final). I really do not know what it happens.

Look forward to your reply. Thank you!

First question: you do not need node.cfg or networks.cfg on the other proxy/worker hosts. The manager host will push the config the to other hosts via SSH.

Second question: the message seems to indicate that it can’t find some of the C libraries. I would try installing/upgrading/reinstalling glibc, glibc-common, glibc-headers. E.g.:

yum install glibc glibc-common glibc-headers
yum reinstall glibc glibc-common glibc-headers

yum upgrade glibc glibc-common glibc-headers

If you are using broctl to manage a cluster of Bro instances that
run on different machines, then you need to make sure that all of
the machines in your Bro cluster are running the same OS version.
If you installed custom libraries on the manager, then they need to
also be installed on the other machines in your cluster.

Based on the error messages you are seeing, it looks like the libstdc++
installed on your manager machine is not the same as the one installed
on the worker machine.

-Daniel