[Bro] out of memory after a couple days?

Gary Faulkner gary at doit.wisc.edu
Wed Dec 4 16:05:30 PST 2013

I've been running on Bro 2.2 for just under a month mostly without 
incident. After my most recent restart it ran for about two days since 
before I received crash reports for several workers and proxies across 
multiple hosts. Upon investigation it looks like I might have run out of 
memory. I found logs such as the following in /var/log/messages on all 
of my nodes (manager and worker nodes):

bro invoked oom-killer
Out of memory: Kill process 7152 (bro) score 151 or sacrifice child

Has anyone seen this before? Is this just a sign I need more RAM or am I 
possibly running into a memory leak? I have run for up to a week without 
incident in the past before restarting of my own accord after making 
various changes to reporting, policy etc. The only thing I changed prior 
to the last restart was to disable an email notice I had previously set.


Gary Faulkner
UW Madison
Office of Campus Information Security

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6257 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131204/aaa77846/attachment.bin 

More information about the Bro mailing list