[Bro] Segmentation fault while using own signature.

Seth Hall seth at icir.org
Fri Jan 13 10:28:54 PST 2017

> On Jan 13, 2017, at 12:06 PM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:

> ,
>   I wrote a little script to run gstack for all bro processes for every minute. And ran it when I loaded the new sig and restarted bro.
> I have attached the output files for two sensors where I captured the gstack stats. Let me know if that's not the correct way of capturing stack trace.

You need to collect a core dump when the crash happens and get a stack trace from that.  If this is on Linux, you will need to set your kernel.core_pattern sysctl value to something like the following....

sudo sysctl -w kernel.core_pattern=core.%e-%t-%p

If you have things set this way and you have gdb installed, broctl should automatically generate a stack trace when it restarts the dead process.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list