[Bro] Bro 2.3.2-419 segfaults when using PF_RING 6.0.3 libpcap 1.6.2 and pfdnacluster_master on RHEL 6.6
Gary Faulkner
gfaulkner.nsm at gmail.com
Tue Feb 24 10:23:59 PST 2015
Hello,
I’m having trouble getting Bro to run with PF_RING after updating from
RHEL 6.5 to RHEL 6.6. The PF_RING aware drivers (DNA/ZC etc) in the
“stable” 6.0.2 branch of PF_RING don’t appear to compile correctly on
RHEL 6.6, which necessitated a move to the latest 6.0.3 development
branch (rev.9009). This version compiles fine and I have it working with
both Suricata and nprobe, but can’t get it working with Bro. Bro doesn’t
seem to be able to open the dnacluster:21 at 0 etc interfaces with the new
version. Specifically bro segfaults when calling the PF_RING version of
libpcap.so.1.6.2, which is a new version of libpcap in 6.0.3. Previously
libpcap was 1.1.1. I have also tried to compile PF_RING 6.0.2 stable on
RHEL 6.6 with the newer drivers, but the version of pfdnacluster_master
that ships with PF_RING 6.0.2 stable (that uses the older libpcap) will
silently crash on RHEL 6.6. I’ve attached the output of a broctl diag to
this email. Typically when I've seen an error where bro can’t listen on
dnacluster in the past it has been due to the interface already being in
use, bro not being able to find pfring, or not compiling against the
correct libpcap. I’ve verified this isn’t the case to the best of my
ability (no other libpcap on the system, fresh dna driver load and
instance of pfdnaclster_master, pfring in $PATH etc). I’ve also verified
that I can see packets on the dnacluster interfaces by testing with
pfcount. It looks like perhaps bro doesn’t like the new version of
libpcap. I have tried compiling and running bro with debugging enabled,
but bro seems to crash on the workers without generating anything in the
various debug.log files. Any thoughts?
Here are example error messages from /var/log/messages:
kernel: bro[1653]: segfault at 1371670 ip 00007f5a9e7f0660 sp
00007fff8714b300 error 4 in libpcap.so.1.6.2[7f5a9e7d9000+90000]
kernel: bro[1643]: segfault at 1371670 ip 00007ff16d19b660 sp
00007fff81eea9a0 error 4 in libpcap.so.1.6.2[7ff16d184000+90000]
kernel: bro[1656]: segfault at 1371670 ip 00007fcf3c6cf660 sp
00007fff3e1789b0 error 4 in libpcap.so.1.6.2[7fcf3c6b8000+90000]
kernel: bro[1644]: segfault at 1 ip 00007f5932268506 sp 00007fffcd3ea0b0
error 4 in libpcap.so.1.6.2[7f5932251000+90000]
kernel: bro[1642]: segfault at 1 ip 00007ff3d1c83506 sp 00007fff468f4930
error 4 in libpcap.so.1.6.2[7ff3d1c6c000+90000]
kernel: bro[1658]: segfault at 1371670 ip 00007f53584f2660 sp
00007ffff89515f0 error 4 in libpcap.so.1.6.2[7f53584db000+90000]
kernel: bro[1652]: segfault at 1371670 ip 00007f158fbc7660 sp
00007fff14aa7e20 error 4 in libpcap.so.1.6.2[7f158fbb0000+90000]
kernel: bro[1660]: segfault at 1371670 ip 00007f2fee8e7660 sp
00007ffff9dacaf0 error 4 in libpcap.so.1.6.2[7f2fee8d0000+90000]
kernel: bro[1641]: segfault at 1 ip 00007f32fbc48506 sp 00007fff7d9b2a00
error 4 in libpcap.so.1.6.2[7f32fbc31000+90000]
kernel: bro[1662]: segfault at b836210 ip 00007f5c9d669660 sp
00007fff71636fb0 error 4 in libpcap.so.1.6.2[7f5c9d652000+90000]
kernel: bro[4220]: segfault at 1371670 ip 00007f6d35299660 sp
00007fff4d896940 error 4 in libpcap.so.1.6.2[7f6d35282000+90000]
kernel: bro[4465]: segfault at 1371670 ip 00007f202ff75660 sp
00007fff04fff8c0 error 4 in libpcap.so.1.6.2[7f202ff5e000+90000]
kernel: bro[4710]: segfault at 1371670 ip 00007fd8bc794660 sp
00007fff33041db0 error 4 in libpcap.so.1.6.2[7fd8bc77d000+90000]
kernel: bro[7873]: segfault at 1371670 ip 00007ffc910f2660 sp
00007fff1b5ba1b0 error 4 in libpcap.so.1.6.2[7ffc910db000+90000]
kernel: bro[8065]: segfault at 1371670 ip 00007ffaa5c8f660 sp
00007fff3cdde390 error 4 in libpcap.so.1.6.2[7ffaa5c78000+90000]
kernel: bro[8257]: segfault at 63745e0 ip 00007ff913224660 sp
00007fff297ca2f0 error 4 in libpcap.so.1.6.2[7ff91320d000+90000]
kernel: bro[8446]: segfault at 1371670 ip 00007f0a1c567660 sp
00007fffdf059910 error 4 in libpcap.so.1.6.2[7f0a1c550000+90000]
kernel: bro[8638]: segfault at 1371670 ip 00007f50982af660 sp
00007fff703caa30 error 4 in libpcap.so.1.6.2[7f5098298000+90000]
kernel: bro[8835]: segfault at 1371670 ip 00007f1b4acd2660 sp
00007fffacc16630 error 4 in libpcap.so.1.6.2[7f1b4acbb000+90000]
kernel: bro[9036]: segfault at 1 ip 00007f10df91b506 sp 00007fff5ac3e320
error 4 in libpcap.so.1.6.2[7f10df904000+90000]
Regards,
Gary
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150224/8c3b09f6/attachment-0001.html
-------------- next part --------------
[manager]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== reporter.log
0.000000 Reporter::ERROR count underflow (--Cluster::worker_count) /nsm/bro/share/bro/base/frameworks/cluster/./main.bro, line 150
1424727407.765899 Reporter::INFO processing continued (empty)
0.000000 Reporter::ERROR count underflow (--Cluster::worker_count) /nsm/bro/share/bro/base/frameworks/cluster/./main.bro, line 150
0.000000 Reporter::ERROR count underflow (--Cluster::worker_count) /nsm/bro/share/bro/base/frameworks/cluster/./main.bro, line 150
1424727412.126406 Reporter::INFO processing continued (empty)
1424727414.338706 Reporter::INFO processing suspended (empty)
1424727414.338727 Reporter::INFO processing continued (empty)
0.000000 Reporter::ERROR count underflow (--Cluster::worker_count) /nsm/bro/share/bro/base/frameworks/cluster/./main.bro, line 150
0.000000 Reporter::ERROR count underflow (--Cluster::worker_count) /nsm/bro/share/bro/base/frameworks/cluster/./main.bro, line 150
0.000000 Reporter::ERROR count underflow (--Cluster::worker_count) /nsm/bro/share/bro/base/frameworks/cluster/./main.bro, line 150
==== stderr.log
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/nsm/bin:/nsm/share:/nsm/man:/home/nsm/bin:/nsm/bro:/nsm/bro/bin:/nsm/pfring/bin:/nsm/pfring/sbin:/nsm/pfring/include:/nsm/pfring/include/linux:/nsm/pfring/lib:/nsm/pfring/modules:/nsm/pfring/share:/nsm/PF_RING/userland/lib:/usr/share/GeoIP:/usr/lib64:/usr/include:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=manager
==== .status
RUNNING [net_run]
==== prof.log
1424727431.270431 known_services/Log::WRITER_ASCII in=173 out=139 pending=0/0 (#queue r/w: in=173/173 out=139/139)
1424727431.270431 x509/Log::WRITER_ASCII in=174 out=139 pending=0/0 (#queue r/w: in=174/174 out=139/139)
1424727431.270431 ssl/Log::WRITER_ASCII in=174 out=139 pending=0/0 (#queue r/w: in=174/174 out=139/139)
1424727431.270431 notice/Log::WRITER_ASCII in=175 out=139 pending=0/0 (#queue r/w: in=175/175 out=139/139)
1424727431.270431 syslog/Log::WRITER_ASCII in=150 out=139 pending=0/0 (#queue r/w: in=150/150 out=139/139)
1424727431.270431 known_certs/Log::WRITER_ASCII in=159 out=139 pending=0/0 (#queue r/w: in=159/159 out=139/139)
1424727431.270431 ftp/Log::WRITER_ASCII in=144 out=139 pending=0/0 (#queue r/w: in=144/144 out=139/139)
1424727431.270431 dpd/Log::WRITER_ASCII in=152 out=139 pending=0/0 (#queue r/w: in=152/152 out=139/139)
1424727431.270431 conn/Log::WRITER_ASCII in=150 out=138 pending=0/0 (#queue r/w: in=150/150 out=138/138)
1424727431.270431 smtp/Log::WRITER_ASCII in=139 out=136 pending=0/0 (#queue r/w: in=139/139 out=136/136)
==== packet_filter.log
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path packet_filter
#open 2015-02-23-15-34-51
#fields ts node filter init success
#types time string string bool bool
[worker-1-1]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
listening on dnacluster:21 at 0, capture length 8192 bytes
1424727385.842901 processing suspended
1424727385.842938 processing continued
/nsm/bro/share/broctl/scripts/run-bro: line 85: 7873 Segmentation fault nohup $mybro "$@"
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 0 -U .status -p broctl -p broctl-live -p local -p worker-1-1 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-1
==== .status
RUNNING [net_run]
==== prof.log
1424727385.837440 TCP-States:Rst.
1424727385.837440 Connections expired due to inactivity: 0
1424727385.837440 Total reassembler data: 0K
1424727385.837440 Timers: current=37 max=38 mem=2K lag=1424727384.84s
1424727385.837440 DNS_Mgr: requests=0 succesful=0 failed=0 pending=0 cached_hosts=0 cached_addrs=0
1424727385.837440 Triggers: total=0 pending=0
1424727385.837440 RotateTimer = 3
1424727385.837440 ScheduleTimer = 12
1424727385.837440 TableValTimer = 22
1424727385.837440 Threads: current=0
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-10]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
listening on dnacluster:21 at 1, capture length 8192 bytes
1424727388.066983 processing suspended
1424727388.067015 processing continued
/nsm/bro/share/broctl/scripts/run-bro: line 85: 8065 Segmentation fault nohup $mybro "$@"
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 1 -U .status -p broctl -p broctl-live -p local -p worker-1-10 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-10
==== .status
RUNNING [net_run]
==== prof.log
1424727388.060710 TCP-States:Rst.
1424727388.060710 Connections expired due to inactivity: 0
1424727388.060710 Total reassembler data: 0K
1424727388.060710 Timers: current=37 max=38 mem=2K lag=1424727387.06s
1424727388.060710 DNS_Mgr: requests=0 succesful=0 failed=0 pending=0 cached_hosts=0 cached_addrs=0
1424727388.060710 Triggers: total=0 pending=0
1424727388.060710 RotateTimer = 3
1424727388.060710 ScheduleTimer = 12
1424727388.060710 TableValTimer = 22
1424727388.060710 Threads: current=0
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-11]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
listening on dnacluster:21 at 2, capture length 8192 bytes
1424727390.295242 processing suspended
1424727390.295280 processing continued
/nsm/bro/share/broctl/scripts/run-bro: line 85: 8257 Segmentation fault nohup $mybro "$@"
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 2 -U .status -p broctl -p broctl-live -p local -p worker-1-11 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-11
==== .status
RUNNING [net_run]
==== prof.log
1424727390.288829 TCP-States:Rst.
1424727390.288829 Connections expired due to inactivity: 0
1424727390.288829 Total reassembler data: 0K
1424727390.288829 Timers: current=37 max=38 mem=2K lag=1424727389.29s
1424727390.288829 DNS_Mgr: requests=0 succesful=0 failed=0 pending=0 cached_hosts=0 cached_addrs=0
1424727390.288829 Triggers: total=0 pending=0
1424727390.288829 RotateTimer = 3
1424727390.288829 ScheduleTimer = 12
1424727390.288829 TableValTimer = 22
1424727390.288829 Threads: current=0
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-12]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
listening on dnacluster:21 at 3, capture length 8192 bytes
1424727392.477571 processing suspended
1424727392.477593 processing continued
/nsm/bro/share/broctl/scripts/run-bro: line 85: 8446 Segmentation fault nohup $mybro "$@"
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 3 -U .status -p broctl -p broctl-live -p local -p worker-1-12 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-12
==== .status
RUNNING [net_run]
==== prof.log
1424727392.471928 TCP-States:Rst.
1424727392.471928 Connections expired due to inactivity: 0
1424727392.471928 Total reassembler data: 0K
1424727392.471928 Timers: current=37 max=38 mem=2K lag=1424727391.47s
1424727392.471928 DNS_Mgr: requests=0 succesful=0 failed=0 pending=0 cached_hosts=0 cached_addrs=0
1424727392.471928 Triggers: total=0 pending=0
1424727392.471928 RotateTimer = 3
1424727392.471928 ScheduleTimer = 12
1424727392.471928 TableValTimer = 22
1424727392.471928 Threads: current=0
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-13]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
listening on dnacluster:21 at 4, capture length 8192 bytes
1424727394.641198 processing suspended
1424727394.641244 processing continued
/nsm/bro/share/broctl/scripts/run-bro: line 85: 8638 Segmentation fault nohup $mybro "$@"
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 4 -U .status -p broctl -p broctl-live -p local -p worker-1-13 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-13
==== .status
RUNNING [net_run]
==== prof.log
1424727394.634207 TCP-States:Rst.
1424727394.634207 Connections expired due to inactivity: 0
1424727394.634207 Total reassembler data: 0K
1424727394.634207 Timers: current=37 max=38 mem=2K lag=1424727393.63s
1424727394.634207 DNS_Mgr: requests=0 succesful=0 failed=0 pending=0 cached_hosts=0 cached_addrs=0
1424727394.634207 Triggers: total=0 pending=0
1424727394.634207 RotateTimer = 3
1424727394.634207 ScheduleTimer = 12
1424727394.634207 TableValTimer = 22
1424727394.634207 Threads: current=0
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-14]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
listening on dnacluster:21 at 5, capture length 8192 bytes
1424727396.855224 processing suspended
1424727396.855269 processing continued
/nsm/bro/share/broctl/scripts/run-bro: line 85: 8835 Segmentation fault nohup $mybro "$@"
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 5 -U .status -p broctl -p broctl-live -p local -p worker-1-14 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-14
==== .status
RUNNING [net_run]
==== prof.log
1424727396.849169 TCP-States:Rst.
1424727396.849169 Connections expired due to inactivity: 0
1424727396.849169 Total reassembler data: 0K
1424727396.849169 Timers: current=37 max=38 mem=2K lag=1424727395.85s
1424727396.849169 DNS_Mgr: requests=0 succesful=0 failed=0 pending=0 cached_hosts=0 cached_addrs=0
1424727396.849169 Triggers: total=0 pending=0
1424727396.849169 RotateTimer = 3
1424727396.849169 ScheduleTimer = 12
1424727396.849169 TableValTimer = 22
1424727396.849169 Threads: current=0
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-15]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
listening on dnacluster:21 at 6, capture length 8192 bytes
1424727315.591060 processing suspended
1424727315.591087 processing continued
/nsm/bro/share/broctl/scripts/run-bro: line 85: 4220 Segmentation fault nohup $mybro "$@"
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 6 -U .status -p broctl -p broctl-live -p local -p worker-1-15 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-15
==== .status
RUNNING [net_run]
==== prof.log
1424727315.584755 TCP-States:Rst.
1424727315.584755 Connections expired due to inactivity: 0
1424727315.584755 Total reassembler data: 0K
1424727315.584755 Timers: current=37 max=38 mem=2K lag=1424727314.58s
1424727315.584755 DNS_Mgr: requests=0 succesful=0 failed=0 pending=0 cached_hosts=0 cached_addrs=0
1424727315.584755 Triggers: total=0 pending=0
1424727315.584755 RotateTimer = 3
1424727315.584755 ScheduleTimer = 12
1424727315.584755 TableValTimer = 22
1424727315.584755 Threads: current=0
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-16]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
listening on dnacluster:21 at 7, capture length 8192 bytes
1424727399.037673 processing suspended
1424727399.037757 processing continued
/nsm/bro/share/broctl/scripts/run-bro: line 85: 9036 Segmentation fault nohup $mybro "$@"
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 7 -U .status -p broctl -p broctl-live -p local -p worker-1-16 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-16
==== .status
RUNNING [net_run]
==== prof.log
1424727399.029738 TCP-States:Rst.
1424727399.029738 Connections expired due to inactivity: 0
1424727399.029738 Total reassembler data: 0K
1424727399.029738 Timers: current=37 max=38 mem=2K lag=1424727398.03s
1424727399.029738 DNS_Mgr: requests=0 succesful=0 failed=0 pending=0 cached_hosts=0 cached_addrs=0
1424727399.029738 Triggers: total=0 pending=0
1424727399.029738 RotateTimer = 3
1424727399.029738 ScheduleTimer = 12
1424727399.029738 TableValTimer = 22
1424727399.029738 Threads: current=0
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-17]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
listening on dnacluster:21 at 8, capture length 8192 bytes
1424727318.002349 processing suspended
1424727318.002371 processing continued
/nsm/bro/share/broctl/scripts/run-bro: line 85: 4465 Segmentation fault nohup $mybro "$@"
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 8 -U .status -p broctl -p broctl-live -p local -p worker-1-17 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-17
==== .status
RUNNING [net_run]
==== prof.log
1424727317.996649 TCP-States:Rst.
1424727317.996649 Connections expired due to inactivity: 0
1424727317.996649 Total reassembler data: 0K
1424727317.996649 Timers: current=37 max=38 mem=2K lag=1424727317.00s
1424727317.996649 DNS_Mgr: requests=0 succesful=0 failed=0 pending=0 cached_hosts=0 cached_addrs=0
1424727317.996649 Triggers: total=0 pending=0
1424727317.996649 RotateTimer = 3
1424727317.996649 ScheduleTimer = 12
1424727317.996649 TableValTimer = 22
1424727317.996649 Threads: current=0
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-18]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
listening on dnacluster:21 at 9, capture length 8192 bytes
1424727320.433816 processing suspended
1424727320.433889 processing continued
/nsm/bro/share/broctl/scripts/run-bro: line 85: 4710 Segmentation fault nohup $mybro "$@"
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 9 -U .status -p broctl -p broctl-live -p local -p worker-1-18 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-18
==== .status
RUNNING [net_run]
==== prof.log
1424727320.384226 TCP-States:Rst.
1424727320.384226 Connections expired due to inactivity: 0
1424727320.384226 Total reassembler data: 0K
1424727320.384226 Timers: current=37 max=38 mem=2K lag=1424727319.38s
1424727320.384226 DNS_Mgr: requests=0 succesful=0 failed=0 pending=0 cached_hosts=0 cached_addrs=0
1424727320.384226 Triggers: total=0 pending=0
1424727320.384226 RotateTimer = 3
1424727320.384226 ScheduleTimer = 12
1424727320.384226 TableValTimer = 22
1424727320.384226 Threads: current=0
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-19]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
fatal error: problem with interface dnacluster:21 at 10 (dnacluster:21 at 10: No such device exists (No such device exists))
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 10 -U .status -p broctl -p broctl-live -p local -p worker-1-19 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-19
==== .status
TERMINATED [atexit]
==== prof.log
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-2]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
fatal error: problem with interface dnacluster:21 at 11 (dnacluster:21 at 11: No such device exists (No such device exists))
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 11 -U .status -p broctl -p broctl-live -p local -p worker-1-2 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-2
==== .status
TERMINATED [atexit]
==== prof.log
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-20]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
fatal error: problem with interface dnacluster:21 at 12 (dnacluster:21 at 12: No such device exists (No such device exists))
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 12 -U .status -p broctl -p broctl-live -p local -p worker-1-20 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-20
==== .status
TERMINATED [atexit]
==== prof.log
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-21]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
fatal error: problem with interface dnacluster:21 at 13 (dnacluster:21 at 13: No such device exists (No such device exists))
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 13 -U .status -p broctl -p broctl-live -p local -p worker-1-21 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-21
==== .status
TERMINATED [atexit]
==== prof.log
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-22]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
fatal error: problem with interface dnacluster:21 at 14 (dnacluster:21 at 14: No such device exists (No such device exists))
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 14 -U .status -p broctl -p broctl-live -p local -p worker-1-22 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-22
==== .status
TERMINATED [atexit]
==== prof.log
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-3]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
fatal error: problem with interface dnacluster:21 at 15 (dnacluster:21 at 15: No such device exists (No such device exists))
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 15 -U .status -p broctl -p broctl-live -p local -p worker-1-3 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-3
==== .status
TERMINATED [atexit]
==== prof.log
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-4]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
fatal error: problem with interface dnacluster:21 at 16 (dnacluster:21 at 16: No such device exists (No such device exists))
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 16 -U .status -p broctl -p broctl-live -p local -p worker-1-4 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-4
==== .status
TERMINATED [atexit]
==== prof.log
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-5]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
fatal error: problem with interface dnacluster:21 at 17 (dnacluster:21 at 17: No such device exists (No such device exists))
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 17 -U .status -p broctl -p broctl-live -p local -p worker-1-5 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-5
==== .status
TERMINATED [atexit]
==== prof.log
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-6]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
fatal error: problem with interface dnacluster:21 at 18 (dnacluster:21 at 18: No such device exists (No such device exists))
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 18 -U .status -p broctl -p broctl-live -p local -p worker-1-6 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-6
==== .status
TERMINATED [atexit]
==== prof.log
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-7]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
fatal error: problem with interface dnacluster:21 at 19 (dnacluster:21 at 19: No such device exists (No such device exists))
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 19 -U .status -p broctl -p broctl-live -p local -p worker-1-7 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-7
==== .status
TERMINATED [atexit]
==== prof.log
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-8]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
fatal error: problem with interface dnacluster:21 at 20 (dnacluster:21 at 20: No such device exists (No such device exists))
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 20 -U .status -p broctl -p broctl-live -p local -p worker-1-8 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-8
==== .status
TERMINATED [atexit]
==== prof.log
==== No packet_filter.log
==== No loaded_scripts.log
[worker-1-9]
Bro 2.3-419
Linux 2.6.32-504.8.1.el6.x86_64
==== No reporter.log
==== stderr.log
fatal error: problem with interface dnacluster:21 at 21 (dnacluster:21 at 21: No such device exists (No such device exists))
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i dnacluster:21 at 21 -U .status -p broctl -p broctl-live -p local -p worker-1-9 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
==== .env_vars
PATH=/nsm/bro/bin:/nsm/bro/share/broctl/scripts:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/opt/dell/srvadmin/bin
BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/nsm/bro/share/bro:/nsm/bro/share/bro/policy:/nsm/bro/share/bro/site
CLUSTER_NODE=worker-1-9
==== .status
TERMINATED [atexit]
==== prof.log
==== No packet_filter.log
==== No loaded_scripts.log
More information about the Bro
mailing list