[Bro] bro manager stops writing logs - EINTR issue ?

barak gilboa barak.work.email at gmail.com
Sun Jan 17 01:02:39 PST 2016


Hello,
I would appreciate anyone's help on the following issue:

Setup: 24 workers, 1 proxy, 1 manager. Each worker has a Bloom filter of its
own, so eventually very few events are passed on to the manager for writing.
There is only 1 log file being written (dns.log), which fills at a rate of
about 10k lines per sec.

Problem: after a few hours, the manager stops writing the log file though
everything is still running. No errors in debug.log or stderr.log.
I ran strace and found that the manager's child process has an *EINTR* issue:

ERESTARTNOHAND to be restarted if no handler
SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL}
rt_sigreturn()=-1 EINTR (interrupted system call)

I read that Bro should handle EINTR errors internally.
Any suggestions on what can be done?

Thanks!
Barak