[Bro-Dev] #608: broctl print times out if the table is too big

Aashish Sharma asharma at lbl.gov
Tue Dec 13 11:03:26 PST 2011


On Tue, Dec 13, 2011 at 06:27:47PM -0000, Bro Tracker wrote:
> #608: broctl print times out if the table is too big
> ----------------------+------------------------
>   Reporter:  aashish  |      Owner:
>       Type:  Problem  |     Status:  new
>   Priority:  Normal   |  Milestone:  Bro2.0
>  Component:  Bro      |    Version:  git/master
> Resolution:           |   Keywords:
> ----------------------+------------------------
> 
> Comment (by seth):
> 
>  That's a different timeout.  

Right! That is another timeout which has been bothering a bit. 

My point is while you guys are looking at the timeout, might as well
look at this one too. 

>  taking so long to shutdown.  What are you finding that Bro is spending so
>  much time doing in the bro_done event?

In catch-and-release, bro tries to restore all the dropped addresses
which are in Drop::drop_info table back on the acl before shutting down.
This can take a few mins when table size is ~5-10K 

Aashish 

>  is related to how long broctl will wait for python-broccoli events to
>  return.    I think that the larger problem we need to ask is why Bro is
>  taking so long to shutdown.  What are you finding that Bro is spending so
>  much time doing in the bro_done event?
> 
>  > Btw, how do I configure these timeouts once support is built for it ?
> 
>  From checking the commit Jon did, it looks like CommTimeout in broctl.cfg.
> 
> -- 
> Ticket URL: <http://tracker.bro-ids.org/bro/ticket/608#comment:17>
> Bro Tracker <http://tracker.bro-ids.org/bro>
> Bro Issue Tracker

-- 
Aashish Sharma	(asharma at lbl.gov) 				 
Cyber Security, Information Technology Division  
Lawrence Berkeley National Laboratory  
http://www.lbl.gov/cyber/pgp-aashish.txt 
Office: (510)-495-2680  Cell: (510)-457-1525


More information about the bro-dev mailing list