[Bro-Dev] help Reading the backtrace

Aashish Sharma asharma at lbl.gov
Wed Jan 18 09:29:14 PST 2017 

So I am running a new detection package and everything seemed right but somehow since yesterday each worker is running at 5.7% to 6.3% CPU and not generating logs. 

The backtrace shows the following and how much (%) CPU is spending on what functions.

Can someone help me read why might BRO spend 17.5% of its time in 

bro-2.5/src/Dict.cc:void* Dictionary::NextEntry(HashKey*& h, IterCookie*& cookie, int return_hash) const

Here is functions and time spent in each of them: 

bro`_ZN8iosource4pcap10PcapSource17ExtractNextPacketEP6Packet        1   0.1%
bro`_ZNK13PriorityQueue3TopEv                               1   0.1%
bro`_ZNK7BroFunc4CallEP8ValPListP5Frame                     1   0.1%
bro`_Z15net_update_timed                                    1   0.1%
bro`_ZN16RemoteSerializer6GetFdsEPN8iosource6FD_SetES2_S2_        1   0.1%
bro`_ZN8EventMgr5DrainEv                                    1   0.1%
bro`_ZNK15EventHandlerPtrcvbEv                              1   0.1%
bro`_ZN8iosource6FD_Set6InsertEi                            1   0.1%
bro`_ZNK11ChunkedIOFd12ExtraReadFDsEv                       1   0.1%
bro`_ZN13PriorityQueue10BubbleDownEi                        1   0.1%
bro`0x699d60                                                2   0.1%
bro`_ZNK8iosource8IOSource6IsOpenEv                         2   0.1%
bro`_ZN8iosource6FD_Set6InsertERKS0_                        2   0.1%
bro`_ZNK8iosource6FD_Set5ReadyEP6fd_set                     3   0.2%
bro`_ZNK14DictEntryPListixEi                                3   0.2%
bro`_ZN8iosource6PktSrc25ExtractNextPacketInternalEv        4   0.3%
bro`_ZNSt3__16__treeIiNS_4lessIiEENS_9allocatorIiEEE15__insert_uniqueERKi        4   0.3%
bro`_ZNK8iosource6FD_Set3SetEP6fd_set                       5   0.3%
bro`0x69a610                                                5   0.3%
bro`_ZNSt3__16__treeIiNS_4lessIiEENS_9allocatorIiEEE7destroyEPNS_11__tree_nodeIiPvEE        5   0.3%
bro`0x699c00                                                6   0.4%
bro`_ZNSt3__16__treeIiNS_4lessIiEENS_9allocatorIiEEE16__construct_nodeIJRKiEEENS_10unique_ptrINS_11__tree_nodeIiPvEENS_22__tree_node_destructorINS3_ISC_EEEEEEDpOT_        6   0.4%
bro`0x69ad50                                                7   0.5%
bro`_ZN7HashKeyD2Ev                                         7   0.5%
bro`_ZN8iosource7Manager11FindSoonestEPd                    7   0.5%
bro`_ZN7HashKeyC2EPKvim                                    11   0.7%
bro`_ZNK18TableEntryValPDict9NextEntryERP7HashKeyRP10IterCookie       12   0.8%
bro`_ZN8TableVal8DoExpireEd                                16   1.1%
bro`_ZNK7HashKey7CopyKeyEPKvi                              16   1.1%
bro`_ZNK13TableEntryVal16ExpireAccessTimeEv               164  11.1%
bro`_ZNK8BaseList6lengthEv                                170  11.5%
bro`_ZNK8BaseListixEi                                     173  11.7%
bro`_ZNK10Dictionary9NextEntryERP7HashKeyRP10IterCookiei      259  17.5%

Aashish

More information about the bro-dev mailing list