[Bro] out of memory after a couple days?
sconzo at visiblerisk.com
Wed Dec 4 16:36:49 PST 2013
I've seen this behavior too (in addition so some really weird and
massive packet drops). I've been trying to gather some perf.log data
and track it down to the time(s) in question. One of the strange parts
is it's on a box that's only seeing 200mbps w/8 bro workers on 16
cores and 96GB of ram.
On Wed, Dec 4, 2013 at 6:05 PM, Gary Faulkner <gary at doit.wisc.edu> wrote:
> I've been running on Bro 2.2 for just under a month mostly without incident.
> After my most recent restart it ran for about two days since before I
> received crash reports for several workers and proxies across multiple
> hosts. Upon investigation it looks like I might have run out of memory. I
> found logs such as the following in /var/log/messages on all of my nodes
> (manager and worker nodes):
> bro invoked oom-killer
> Out of memory: Kill process 7152 (bro) score 151 or sacrifice child
> Has anyone seen this before? Is this just a sign I need more RAM or am I
> possibly running into a memory leak? I have run for up to a week without
> incident in the past before restarting of my own accord after making various
> changes to reporting, policy etc. The only thing I changed prior to the last
> restart was to disable an email notice I had previously set.
> Gary Faulkner
> UW Madison
> Office of Campus Information Security
> Bro mailing list
> bro at bro-ids.org
cat ~/.bash_history > documentation.txt
More information about the Bro