[Bro] bro master crashing
Azoff, Justin S
jazoff at illinois.edu
Thu Mar 9 09:55:00 PST 2017
> On Mar 9, 2017, at 12:40 PM, Matt Clemons <matt.clemons at gmail.com> wrote:
>
> And I can't tell why.
>
> One master. 26 worker systems. Total of 200 worker processes. All centos6. Bro 2.5.
>
> Crashes just started happening last night. System has been running since the release of 2.5 with 0 issues.
I'm actually surprised that works at all. Because bro currently (but not for much longer) uses select for handling connections from all the workers, the manager will fail as soon as it gets enough connections for a file descriptor to hit above 1024. You used to hit that limit around 175 workers. Though now that I think of it, we fixed a .bro script leak in 2.5, so I think the new limit may be around 220 for bro 2.5. The next version of bro should hopefully not have a limit :-)
> Any way to tell why it's crashing? So far, all i have is the email from broctl and it's not very helpful.
>
This message:
> received termination signal
>
Means something killed it, probably the kernel OOM killer. Does syslog show anything?
--
- Justin Azoff
More information about the Bro
mailing list