[Bro] Segmentation fault while using own signature.
Zeolla@GMail.com
zeolla at gmail.com
Wed Jan 18 09:16:45 PST 2017
I've run into issues with getting core dumps in the past. I documented
some of them as comments against broala KBs, but I'm not sure where those
exist now that it has been renamed. What OS are you running? Recalling
from memory, there are different things that can stop successful cores
using the afore-mentioned config depending on the platform (I think it was
ABRT?). Happy to pull that back up again if you continue to have an issue.
Jon
On Wed, Jan 18, 2017 at 12:03 PM fatema bannatwala <
fatema.bannatwala at gmail.com> wrote:
> Hi Seth,
>
> Thanks for the suggestions, still getting No core dump:
>
> $ less /etc/security/limits.conf
> #Editing the core dump limit to unlimited for Bro debugging
> #* soft core 0
> * soft core unlimited
>
> $ less .crash-diag.out
> No core file found.
>
> Bro 2.5
> Linux 3.10.0-327.36.3.el7.x86_64
>
> Bro plugins: (none found)
>
> ==== No reporter.log
>
> <Truncated>
>
> I will check to see what am I missing.
>
> Thanks,
> Fatema.
>
> On Tue, Jan 17, 2017 at 10:58 PM, Seth Hall <seth at icir.org> wrote:
>
>
> > On Jan 17, 2017, at 4:07 PM, fatema bannatwala <
> fatema.bannatwala at gmail.com> wrote:
>
> > Also, I m starting bro with following commands on manager:
> > sudo -u bro /usr/local/bro/2.5/bin/broctl install
> > sudo -u bro /usr/local/bro/2.5/bin/broctl restart
> >
> > However, when seeing the crash report on the sensor, it says No core
> file was found:
> > (Any idea, why broctl isn't generating the core dump, or do I have to
> include any file in local.bro for the same?)
>
> Ah! I suspect the problem is that you're starting Bro as the Bro user
> which probably doesn't have permission to increase it's maximum core file
> size to unlimited.
>
> You can edit /etc/security/limits.conf and add the following line to it...
>
> * soft core unlimited
>
> That should make it possible for Bro to have arbitrarily large core dumps.
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
--
Jon
Sent from my mobile device
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170118/a7f61975/attachment.html
More information about the Bro
mailing list