[Bro-Dev] #860: Rotation trouble

[Bro Tracker]

#860: Rotation trouble
---------------------+------------------------
 Reporter:  robin    |      Owner:
     Type:  Problem  |     Status:  new
 Priority:  High     |  Milestone:  Bro2.1
Component:  Bro      |    Version:  git/master
 Keywords:           |
---------------------+------------------------
 (From Seth).

 There seems to be a problem with rotation.  Specifically, the
 rotations_pending variable in the logging manager.  It looks like there is
 some
 problem at shutdown where a rotation is scheduled but the thread is
 shutdown before it receives the message so it never gets a chance to call
 the FinishedRotation method so the logging manager sits there waiting for
 all rotations to finish but they won't ever finish.

 Here's a snippet from my debug log showing the last scheduled rotation but
 the rotation never actually happening:

 $ grep dns/Log debug.log | grep -i rotat
 1232039460.367675/1343270203.053525 [logging] Scheduled rotation timer for
 dns/Log::WRITER_ELASTICSEARCH to 1232039520.000000
 1232039520.000107/1343270239.105484 [logging] Rotating
 dns/Log::WRITER_ELASTICSEARCH at 1232039520.000107
 1232039520.000107/1343270239.105502 [threading] Sending 'Rotate' to
 dns/Log::WRITER_ELASTICSEARCH ...
 1232039520.000107/1343270239.105523 [logging] Scheduled rotation timer for
 dns/Log::WRITER_ELASTICSEARCH to 1232039580.000000

 You can replicate the problem by running Bro with a tracefile like this…

 bro -r ~/somepackets.trace Log::default_rotation_interval=1min

 You just need to make sure that your tracefile causes a rotation (the
 packets timestamps need to cross from one minute to another).  When
 Bernhard and I were talking last night we realized that this problem has
 been hidden by the bg task executor in the tests because it's killing
 the processes even though they are probably in this eternal loop that
 we're seeing here.

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/860>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker