[Bro] Segmentation fault while using own signature.

Zeolla@GMail.com zeolla at gmail.com
Wed Jan 18 09:36:04 PST 2017


Here are some <https://www.centos.org/forums/viewtopic.php?t=5962> reading
<http://unix.stackexchange.com/a/192836/28597> materials
<https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-abrt.html>
that
may help.

Jon

On Wed, Jan 18, 2017 at 12:27 PM fatema bannatwala <
fatema.bannatwala at gmail.com> wrote:

> Hi Jon,
>
> Thanks for lending some help. Appreciate it.
> We are running CentOS on our bro sensors as well as on manager.
>
> Here's the full info:
> Linux sensor1.xx.xx 3.10.0-327.36.3.el7.x86_64 #1 SMP Mon Oct 24 16:09:20
> UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
> CentOS Linux release 7.2.1511 (Core)
>
> Thanks,
> Fatema.
>
>
> On Wed, Jan 18, 2017 at 12:16 PM, Zeolla at GMail.com <zeolla at gmail.com>
> wrote:
>
> I've run into issues with getting core dumps in the past.  I documented
> some of them as comments against broala KBs, but I'm not sure where those
> exist now that it has been renamed.  What OS are you running?  Recalling
> from memory, there are different things that can stop successful cores
> using the afore-mentioned config depending on the platform (I think it was
> ABRT?).  Happy to pull that back up again if you continue to have an issue.
>
> Jon
>
> On Wed, Jan 18, 2017 at 12:03 PM fatema bannatwala <
> fatema.bannatwala at gmail.com> wrote:
>
> Hi Seth,
>
> Thanks for the suggestions, still getting No core dump:
>
> $ less /etc/security/limits.conf
> #Editing the core dump limit to unlimited for Bro debugging
> #*               soft    core            0
> *               soft    core            unlimited
>
> $ less .crash-diag.out
> No core file found.
>
> Bro 2.5
> Linux 3.10.0-327.36.3.el7.x86_64
>
> Bro plugins: (none found)
>
> ==== No reporter.log
>
> <Truncated>
>
> I will check to see what am I missing.
>
> Thanks,
> Fatema.
>
> On Tue, Jan 17, 2017 at 10:58 PM, Seth Hall <seth at icir.org> wrote:
>
>
> > On Jan 17, 2017, at 4:07 PM, fatema bannatwala <
> fatema.bannatwala at gmail.com> wrote:
>
> > Also, I m starting bro with following commands on manager:
> > sudo -u bro /usr/local/bro/2.5/bin/broctl install
> > sudo -u bro /usr/local/bro/2.5/bin/broctl restart
> >
> > However, when seeing the crash report on the sensor, it says No core
> file was found:
> > (Any idea, why broctl isn't generating the core dump, or do I have to
> include any file in local.bro for the same?)
>
> Ah!  I suspect the problem is that you're starting Bro as the Bro user
> which probably doesn't have permission to increase it's maximum core file
> size to unlimited.
>
> You can edit /etc/security/limits.conf and add the following line to it...
>
> *  soft  core  unlimited
>
> That should make it possible for Bro to have arbitrarily large core dumps.
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
> --
>
> Jon
>
> Sent from my mobile device
>
>
> --

Jon

Sent from my mobile device
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170118/85ea4823/attachment.html 


More information about the Bro mailing list