Logs disappearing on broctl restart

Description

Noticed that on certain restarts of bro-2.4-beta, logs arbitrarily disappear.

Restarts happen as

  • broctl check; broctl restart

  • broctl check; broctl restart --clean

  • broctl restart

or some variant - not precisely sure. But all log files for that duration of restarts are missing

Environment

None

Activity

Show:
Daniel Thayer
May 26, 2015, 4:47 PM

I don't believe there is really anything new here (the way logs get archived
hasn't really changed since at least Bro 2.0), but for the next release
I'd like to change the way logs are archived to make the whole procedure
more robust and less confusing to the user (perhaps broctld could play
a role in this). I've added a small section to the broctl user manual
describing how a user could deal with this situation (hopefully that will
clear up some of the confusion).

Aashish Sharma
June 14, 2015, 4:46 PM

Issue Remains.

I am not sure what specific crashes of bro is causing it but yes logs are not getting archived.

While, I have not manually been able to reproduce this, there is quite a few of this events which happened automatically since Jun 1st:

Logs got moved to ~/spool/tmp but never got archived:

36G post-terminate-2015-06-02-13-50-24-6473-crash
9.4G post-terminate-2015-06-03-15-05-04-18332-crash
11G post-terminate-2015-06-05-15-05-05-12274-crash
9.4G post-terminate-2015-06-08-15-05-45-71408-crash
11G post-terminate-2015-06-11-15-05-45-5191-crash

Daniel Thayer
June 17, 2015, 8:07 PM

Have you tried upgrading to the 2.4 release? (all but one of the timestamps in your comment are from before the official release of 2.4)

Seth Hall
September 4, 2015, 11:51 AM

Aashish, one more ping on this before we close it.

Aashish Sharma
September 4, 2015, 4:13 PM

Please close it!

If I encounter this again, I will request a new ticket !!!

Assignee

Daniel Thayer

Reporter

Aashish Sharma

Labels

None

External issue ID

None

Components

Affects versions

Priority

High
Configure