[Bro] bro master crashing

Matt Clemons matt.clemons at gmail.com
Thu Mar 9 09:59:03 PST 2017


I've tried commenting out all workers in node.cfg except for the one
master, one proxy, and one worker system using 6 worker processes.  Still
crashes after around 15 seconds.


On Thu, Mar 9, 2017 at 11:55 AM, Azoff, Justin S <jazoff at illinois.edu>
wrote:

> > On Mar 9, 2017, at 12:40 PM, Matt Clemons <matt.clemons at gmail.com>
> wrote:
> >
> > And I can't tell why.
> >
> > One master.  26 worker systems.  Total of 200 worker processes.  All
> centos6.  Bro 2.5.
> >
> > Crashes just started happening last night.  System has been running
> since the release of 2.5 with 0 issues.
>
> I'm actually surprised that works at all.  Because bro currently (but not
> for much longer) uses select for handling connections from all the workers,
> the manager will fail as soon as it gets enough connections for a file
> descriptor to hit above 1024.  You used to hit that limit around 175
> workers.  Though now that I think of it, we fixed a .bro script leak in
> 2.5, so I think the new limit may be around 220 for bro 2.5.  The next
> version of bro should hopefully not have a limit :-)
>
> > Any way to tell why it's crashing?  So far, all i have is the email from
> broctl and it's not very helpful.
> >
>
> This message:
>
> > received termination signal
> >
>
> Means something killed it, probably the kernel OOM killer. Does syslog
> show anything?
>
>
> --
> - Justin Azoff
>
>
>


-- 
Regards,

Matt Clemons
(816) 200-0789
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170309/4e4d3470/attachment.html 


More information about the Bro mailing list