[2.3][beta] Bro fails when monitor interface is down #343

Closed
bndabbs opened this issue Jan 24, 2019 · 0 comments
bndabbs commented Jan 24, 2019

We need to move the monitor interface ifup handler to run before the other handlers.

@bndabbs bndabbs added the bug label Jan 24, 2019
@bndabbs bndabbs added this to the 2.3 milestone Jan 24, 2019
@bndabbs bndabbs self-assigned this Jan 24, 2019
@bndabbs bndabbs added the awaiting merge Issue will be closed when PR referenced in issue is merged to master label Jan 30, 2019
@dcode dcode mentioned this issue Feb 22, 2019
dcode added a commit that referenced this issue Feb 22, 2019
* New: Add ability to do multi-host deployment of sensor + data tiers (#339, [bndabbs@gmail.com](mailto:bndabbs@gmail.com))
* New: Integrate Docket into Kibana by default ([derek@rocknsm.io](mailto:derek@rocknsm.io))
* New: Improvements and additional Kibana dashboards (spartan782)
* Fixes: issue with Bro failing when monitor interface is down (#343, [bndabbs@gmail.com](mailto:bndabbs@gmail.com))
* Fixes: issue with services starting that shouldn’t (#346, [therealneu5ron@gmail.com](mailto:therealneu5ron@gmail.com))
* Fixes: race condition on loading dashboards into Kibana (#356, [derek@rocknsm.io](mailto:derek@rocknsm.io))
* Fixes: configuration for Docket allowing serving from non-root URI (#361, [derek@rocknsm.io](mailto:derek@rocknsm.io))
* Change: bro log retention value to one week rather than forever (#345, [sean.cochran@gmail.com](mailto:sean.cochran@gmail.com))
* Change: Greatly improve documentation (#338, [sean.cochran@gmail.com](mailto:sean.cochran@gmail.com))
* Change: Reorganize README (#308, [bradford.dabbs@elastic.co](mailto:bradford.dabbs@elastic.co))
* Change: Move ECS to rock-dashboards repo (#305, [derek@rocknsm.io](mailto:derek@rocknsm.io))
* Change: Move RockNSM install paths to filesystem hierarchy standard locations (#344, [bndabbs@gmail.com](mailto:bndabbs@gmail.com))
@bndabbs bndabbs closed this as completed Feb 23, 2019
dcode added a commit that referenced this issue Mar 18, 2019
- common: Create cache dir if doesn't exist. Only needed for logstash.
- common: Make GPG key trust idempotent for yum repodata
- common: Fix #380 by using `ini_file` module instead of 
`yum_repository` and adding CentOS distro check
- bro: Related to #343, fixed another edge case where bro would fail if 
interface was down when trying to start
- bro: Ensure `reload bro` handler runs after interfaces script
- elasticsearch: Changed Elasticsearch wait to use Elasticsearch API on 
the `es_url` endpoint, allowing both local and remote lookups
- elasticsearch: Fixed bug in config template to compare size of 
elasticsearch group vs the list itself
- suricata: Add PyYAML to explicit package list
- suricata: Ensure `suricata-update` is always run in 
`/var/lib/suricata`
dcode added a commit that referenced this issue Mar 19, 2019
- common: Create cache dir if doesn't exist. Only needed for logstash.
- common: Make GPG key trust idempotent for yum repodata
- common: Fix #380 by using `ini_file` module instead of 
`yum_repository` and adding CentOS distro check
- bro: Related to #343, fixed another edge case where bro would fail if 
interface was down when trying to start
- bro: Ensure `reload bro` handler runs after interfaces script
- elasticsearch: Changed Elasticsearch wait to use Elasticsearch API on 
the `es_url` endpoint, allowing both local and remote lookups
- elasticsearch: Fixed bug in config template to compare size of 
elasticsearch group vs the list itself
- suricata: Add PyYAML to explicit package list
- suricata: Ensure `suricata-update` is always run in 
`/var/lib/suricata`
dcode added a commit that referenced this issue Mar 19, 2019
- common: Create cache dir if doesn't exist. Only needed for logstash.
- common: Make GPG key trust idempotent for yum repodata
- common: Fix #380 by using `ini_file` module instead of
`yum_repository` and adding CentOS distro check
- bro: Related to #343, fixed another edge case where bro would fail if
interface was down when trying to start
- bro: Ensure `reload bro` handler runs after interfaces script
- elasticsearch: Changed Elasticsearch wait to use Elasticsearch API on
the `es_url` endpoint, allowing both local and remote lookups
- elasticsearch: Fixed bug in config template to compare size of
elasticsearch group vs the list itself
- suricata: Add PyYAML to explicit package list
- suricata: Ensure `suricata-update` is always run in
`/var/lib/suricata`
- all roles: Replace `with_items` with `loop` keyword
dcode added a commit that referenced this issue Mar 29, 2019
- common: Create cache dir if doesn't exist. Only needed for logstash.
- common: Make GPG key trust idempotent for yum repodata
- common: Fix #380 by using `ini_file` module instead of
`yum_repository` and adding CentOS distro check
- bro: Related to #343, fixed another edge case where bro would fail if
interface was down when trying to start
- bro: Ensure `reload bro` handler runs after interfaces script
- elasticsearch: Changed Elasticsearch wait to use Elasticsearch API on
the `es_url` endpoint, allowing both local and remote lookups
- elasticsearch: Fixed bug in config template to compare size of
elasticsearch group vs the list itself
- suricata: Add PyYAML to explicit package list
- suricata: Ensure `suricata-update` is always run in
`/var/lib/suricata`
- all roles: Replace `with_items` with `loop` keyword