[Bro] cluster manager crash

Seth Hall seth at icir.org
Wed Sep 28 19:25:59 PDT 2016


> On Sep 28, 2016, at 2:48 PM, Hovsep Levi <hovsep.sanjay.levi at gmail.com> wrote:
> 
> I've never had a day where Bro didn't crash due to memory exhaustion and have to perform full restarts once per hour to prevent manager crashes.  The only way to fix it is to become a Bro developer. :> 

Unfortunately in some environments this is currently true.  We are actively working on addressing these issues on multiple fronts though.  We're hoping that these troubles can be eradicated for more and more people over time.  

The logger node, as you commented in a follow-up, is one of those approaches, but we are still working on replacing the built-in communication mechanism with Broker which will hopefully have some positive effects on stability (go Matthias!) and Justin is investigating SumStats and some scripts that have particularly negative effects to see what changes need to be made to make them scale horizontally better.  We have also extended the misc/stats.bro information in 2.5 and we will likely continue extending it in 2.6 to provide more information about what Bro is doing at runtime to help understand its behavior better.

Stability problems are definitely something we're concerned about as much as you are. :)

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



