[Bro] Segmentation fault while using own signature.
Seth Hall
seth at icir.org
Fri Jan 13 10:28:54 PST 2017
> On Jan 13, 2017, at 12:06 PM, fatema bannatwala <fatema.bannatwala at gmail.com> wrote:
> ,
> I wrote a little script to run gstack for all bro processes for every minute. And ran it when I loaded the new sig and restarted bro.
> I have attached the output files for two sensors where I captured the gstack stats. Let me know if that's not the correct way of capturing stack trace.
You need to collect a core dump when the crash happens and get a stack trace from that. If this is on Linux, you will need to set your kernel.core_pattern sysctl value to something like the following....
sudo sysctl -w kernel.core_pattern=core.%e-%t-%p
If you have things set this way and you have gdb installed, broctl should automatically generate a stack trace when it restarts the dead process.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list