[Bro-Dev] BiF parsing index types

Seth Hall seth at icir.org
Sun May 22 23:55:24 PDT 2011


On May 18, 2011, at 1:59 PM, Will wrote:

> No, I wasn't til now. Forgive my nubness, but what specifically are
> <id> and <node>? i.e. process id of parent ps or variable name? If
> standalone, would node be just bro, localhost or something completely
> different?

ID is the name of the variable that you would like printed and node is the name of the Bro instance that you'd like to inspect the value on. If you don't give a node it will print the value from all nodes.

>>> /usr/local/bro/share/bro/scan.bro, line 117: internal error: NB-DNS
>>> error in DNS_Mgr::WaitForReplies (ns_initparse(): Message too long)
>>> Abort trap: 6 (core dumped)
>> 
>> These kind of errors usually indicate trouble with the system's DNS
>> setup. However, I don't think I've ever seen the "message too long"
>> message.
>> 
> 1305735623.373659 internal error: NB-DNS error in DNS_Mgr::Process
> (ns_initparse(): Message too long)
> /usr/local/bro/share/broctl/scripts/run-bro: line 73: 31891 Abort
> trap: 6           (core dumped) nohup $tmpbro $@
> ==== stdout.log
> ==== .status
> TERMINATED [internal_error]
> ==== No prof.log.
> bro.core
> Core was generated by `bro'.
> Program terminated with signal 6, Aborted.
> #0  0x286e8a27 in kill () from /lib/libc.so.7
> #0  0x286e8a27 in kill () from /lib/libc.so.7
> #1  0x286e8986 in raise () from /lib/libc.so.7
> #2  0x286e756a in abort () from /lib/libc.so.7
> #3  0x080517a4 in internal_error () at SSLInterpreter.cc:30

Question for Robin/Vern/whomever, should this really be calling internal_error?  It's definitely worthwhile to log that some sort of error was received from libbind, but I don't think Bro should be shutting down when it has a problem like this.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




More information about the bro-dev mailing list