I am not seeing any of the logs from the worker nodes on the manger node in the Log dir.
Is there some setting that I am missing? Using broctl I can see the worker nodes are working, and if I ssh to the worker nodes I can see the log in the spool dir, they just never seem to make it back to the manager.
This is a new setup from SVN running on RHEL 5.5 64 bit and my first attempt at Bro, so please be gentle.
That's intentional, the workers' logs are discarded upon rotation.
What information in there would you like to see archived?
This was do a dumb mistake on my proxy's firewall. I have allowed ports 47760 and 47761 thru and I am now seeing the results I was expecting.
Now to get the other 12 worker nodes set up...
Is there any documentation related to the Cflow headend and capstats working together as eluded to some of the config files?
Enterprise Security Analyst
Enterprise Information Privacy and Security Services (EIPSs)
Security Operations and Services (SOS)
Information Technology Services (ITS)
The Pennsylvania State University (PSU)
Direct Telephone: 814-865-2297
ITS-SOS Telephone: 814-863-9533
ITS-SOS E-Mail: email@example.com
No, sorry. broctl can talk to the cFlow to get traffic stats and
will print and record them in parallel with what capstats reports.
You'll need cPacket's command line tool for that, as broctl just
calls it for doing the communication with the device. I can send you
a config example if you have the tool installed.