[Bro] Fwd: Crash report from bro

Joe Klemencic jklemenc at fnal.gov
Thu Feb 11 13:09:12 PST 2010


I am running on dual Quad-Core AMD Opteron Processor 2378 hardware, and
CPU usage is very low. It is running against a 1GB interface fed from a
1GB buffered feed.

I'll try the use_connection_compressor and see how it goes.

Joe


On 02/11/2010 02:26 PM, Louis F Ruppert wrote:
> You wouldn't happen to be running on non-intel hardware, would you?  I get a similar error when running it on a rack full of ultrasparc based Netra servers.  I suspect there may be some parts of bro that are not terribly architecture independent.  The following put in your local.bro file serves as a workaround:
> 
> use_connection_compressor=F
> 
> -Lou
> 
> --
> Lou Ruppert
> Intrusion Analyst, GCFA
> Information Security
> Syracuse University
> ________________________________________
> From: bro-bounces at ICSI.Berkeley.EDU [bro-bounces at ICSI.Berkeley.EDU] On Behalf Of Joe Klemencic [jklemenc at fnal.gov]
> Sent: Thursday, February 11, 2010 1:50 PM
> To: bro at bro-ids.org
> Subject: [Bro] Fwd:  Crash report from bro
> 
> I have been getting the crash report below on a new Bro installation:
> Ubuntu Karmic
> Bro 1.5.1
> 
> This happens whenever broctl cron is run.
> 
> Any pointers would be appreciated since I am new to the Bro world, and
> have been struggling with the lack of documentation for 1.5.1.
> 
> Thanks,
> Joe
> 
> -------- Original Message --------
> Subject: [Bro] Crash report from bro
> 
> 
> warning: Can't read pathname for load map: Input/output error.
> ==== stderr.log
> listening on eth5
> /usr/local/bro/share/broctl/scripts/run-bro: line 73: 27429 Segmentation
> fault      (core dumped) nohup $tmpbro $@
> ==== stdout.log
> 
> ==== .status
> RUNNING [net_run]
> 
> ==== No prof.log.
> 
> core
> Core was generated by `/usr/local/bro/spool/tmp/bro -i eth5 -U .status
> -p broctl -p standalone -p loca'.
> Program terminated with signal 11, Segmentation fault.
> #0  FragTimer::ClearReassembler (this=0x11ae9c70) at Frag.h:62
> 62              void ClearReassembler() { f = 0; }
> 
> --
> [Automatically generated.]
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4006 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100211/369c2250/attachment.bin 


More information about the Bro mailing list