Bro / Zeek broctl unable to find peers

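After installing Bro in cluster mode, peerstatus hangs and only the basic logs are generated, with no traffic logs. There is no Conn log or any other log.

In the log output below, I noticed that no core file was found for the logger and the worker, but as I installed from source I am not sure about that one. My node.cfg is the default cluster setup.

I am accessing the worker node via ssh as root.

I turned off cluster mode and went to a single node, and it works fine.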

[root@localhost 2019-06-03]# sudo broctl status
Name         Type    Host             Status    Pid    Started
logger       logger  xxx.xxx.x.xxx    running   24853  04 Jun 16:50:39
manager      manager xxx.xxx.x.xxx    running   24899  04 Jun 16:50:40
proxy-1      proxy   xxx.xxx.x.xxx    running   24944  04 Jun 16:50:42
worker-1     worker  xxx.xxx.x.xyy    running   16406  04 Jun 16:50:43
[root@localhost 2019-06-03]# sudo broctl top
Name         Type    Host             Pid     VSize  Rss  Cpu   Cmd
logger       logger  xxx.xxx.x.xxx    24853   264M   111M   0%  bro
manager      manager xxx.xxx.x.xxx    24899   229M    99M   6%  bro
proxy-1      proxy   xxx.xxx.x.xxx    24944   228M   100M   0%  bro
worker-1     worker  xxx.xxx.x.xyy    16406   803M   676M   6%  bro
[root@localhost 2019-06-03]# sudo broctl check
logger scripts are ok.
manager scripts are ok.
proxy-1 scripts are ok.
worker-1 scripts are ok.
[root@localhost 2019-06-03]# sudo broctl diag
[logger]

No core file found.

Bro 2.6.1
Linux 3.10.0-957.12.2.el7.x86_64

Bro plugins: (none found)

==== No reporter.log

==== stderr.log
...
[logger]
type=logger
host=xxx.xxx.x.xxx

[manager]
type=manager
host=xxx.xxx.x.xxx

[proxy-1]
type=proxy
host=xxx.xxx.x.xxx

[worker-1]
type=worker
host=xxx.xxx.x.xyy
interface=ens192

The issue was resolved by opening ports 47760-47770 in the firewall. Everything works now. Somehow I missed the following in the documentation:

For a cluster setup, the logger listens on TCP port 47761, and the manager listens on TCP port 47762 (or 47761 if no logger is defined). Each proxy is assigned its own port number, starting with one number greater than the manager's port. Likewise, each worker is assigned its own port starting one number greater than the highest port number assigned to a proxy. https://github.com/zeek/zeekctl
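
The port rule quoted above, applied to a node.cfg shaped like the one in the question, to show which TCP port each host has to accept through its firewall. This is an added example, not part of the original post or of zeekctl itself; it assumes the quoted numbering is followed exactly, the function names are hypothetical, and the host addresses are constructed placeholders.

```python
import configparser

LOGGER_PORT = 47761  # first cluster port named in the quoted documentation

# Constructed sample: same layout as the question's node.cfg, placeholder hosts.
SAMPLE_NODE_CFG = """
[logger]
type=logger
host=192.0.2.10
[manager]
type=manager
host=192.0.2.10
[proxy-1]
type=proxy
host=192.0.2.10
[worker-1]
type=worker
host=192.0.2.20
interface=ens192
"""

def assign_ports(node_cfg_text):
    """Return {node_name: (host, tcp_port)} per the quoted rule (assumption)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(node_cfg_text)
    by_type = {"logger": [], "manager": [], "proxy": [], "worker": []}
    for name in cfg.sections():
        node_type = cfg[name].get("type")
        if node_type in by_type:  # standalone nodes open no cluster ports
            by_type[node_type].append(name)
    ports, next_port = {}, LOGGER_PORT
    # Logger first, then manager (which takes 47761 when no logger exists),
    # then each proxy, then each worker, one port apiece.
    for node_type in ("logger", "manager", "proxy", "worker"):
        for name in by_type[node_type]:
            ports[name] = (cfg[name].get("host"), next_port)
            next_port += 1
    return ports

def inbound_ports_by_host(ports):
    """Group listening ports by host: the inbound TCP each firewall must allow."""
    hosts = {}
    for host, port in ports.values():
        hosts.setdefault(host, []).append(port)
    return {host: sorted(plist) for host, plist in hosts.items()}

if __name__ == "__main__":
    for host, plist in inbound_ports_by_host(assign_ports(SAMPLE_NODE_CFG)).items():
        print(host, "must accept TCP", plist)
```

Every port it reports for this layout falls inside the 47760-47770 range that was opened in the fix above.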