[Bro] Question regarding leaking file descriptors
Art Maddalena
art.maddalena at teamaol.com
Mon May 9 05:58:48 PDT 2016
Hi,
We are having a problem with leaking file descriptors when using
ActiveHTTP. We do see the temporary files being deleted, but lsof shows
the files not closed, so we eventually run out of file descriptors.
*Sample Output:*
bro 10687 root 1016r REG 253,0 283 57148394
/tmp/bro-activehttp-qque3JKygsj_body (deleted)
bro 10687 root 1017r REG 253,0 131 57148392
/tmp/bro-activehttp-qque3JKygsj_headers (deleted)
bro 10687 root 1018r REG 253,0 348 57148398
/tmp/bro-activehttp-nhBlB9hVchg_body (deleted)
bro 10687 root 1019r REG 253,0 131 57148396
/tmp/bro-activehttp-nhBlB9hVchg_headers (deleted)
Our code is at:
https://github.com/aol/moloch/blob/master/capture/plugins/wiseService/molochwise.bro#L98
We are using bro 2.4.1. Is this a known issue or do we need to change the
code somehow?
Thank you for your help!
VR
Art Maddalena, CISSP
Sr. Technical Security Engineer // *AOL*
o: 703.265.2292
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160509/12ef742b/attachment.html
More information about the Bro
mailing list