The logstash-bro-xxxxxxxx is emply

[jack zhou]

Hello:

    Hello, recently my onion bro log is empty, the service is normal, the following is the bro service log, can you help me.

{"ts":"1970-01-01T00:00:00.000000Z","level":"Reporter::ERROR","message":"Failed to listen on INADDR_ANY:47761 (Broker::listen(Broker::a, Broker::p, Broker::retry))","location":"/opt/bro/share/bro/base/frameworks/broker/./main.bro, line 358"}

[Wes Lambert]

Hi Jack,

Are you still seeing traffic?

sudo broctl netstats

Are there stale Bro processes?

ps aux | grep bro (check for processes from before when you last restarted Bro)

Do you have adequate disk space?

df -h

Thanks,

Wes

--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/security-onion/37cfb2cc-9834-49da-8c5f-9c27bb1c168c%40googlegroups.com.

--

https://twitter.com/therealwlambert

https://securityonion.net/

[jack zhou]

The traffic and Bro processes is normal,also I can see the syslog and ossec log. 

The disk space is large enough

在 2019年10月22日星期二 UTC+8上午11:05:03，jack zhou写道：

[Wes Lambert]

Please provide the output of sostat-redacted, attaching as a plain text file, or using a service like Pastebin.

Thanks,

Wes

--

Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/security-onion/e7212c40-688e-4554-8aa1-55af9585c5b5%40googlegroups.com.