[Bro] 'cf' utility with Bro 2.5

eshelton eshelton at butler.net
Tue Oct 3 12:25:03 PDT 2017 

I've started to experience an issue with the 'cf' utility, so I wanted to
check and see if anyone else had ever experienced a similar issue:

Initially, I started to think that either I was crazy, or something had
changed. I was checking some alerts Monday morning from last Friday, when I
started experiencing an issue zcatting an http.log.gz file piped into 'cf'.
I've changed nothing on this management server for months, yet I'm seeing
seg faults like the following:

Oct  2 11:54:29 lamborghini kernel: cf[182679]: segfault at 30 ip
00007fb078511111 sp 00007ffc2c7b87b0 error 4 in libc-2.19.so
[7fb078459000+1ba000]
Oct  2 11:54:50 lamborghini kernel: cf[182694]: segfault at 30 ip
00007ff5d3004111 sp 00007ffc70d411b0 error 4 in libc-2.19.so
[7ff5d2f4c000+1ba000]
Oct  2 11:54:57 lamborghini kernel: cf[182698]: segfault at 30 ip
00007ff285fb6111 sp 00007ffd44bb72d0 error 4 in libc-2.19.so
[7ff285efe000+1ba000]
Oct  2 11:55:39 lamborghini kernel: cf[182737]: segfault at 30 ip
00007f12925da111 sp 00007ffffdb25410 error 4 in libc-2.19.so
[7f1292522000+1ba000]
Oct  2 11:55:48 lamborghini kernel: cf[182743]: segfault at 30 ip
00007f7a86b20111 sp 00007fff3eec2900 error 4 in libc-2.19.so
[7f7a86a68000+1ba000]
Oct  2 11:55:53 lamborghini kernel: cf[182748]: segfault at 30 ip
00007f7134340111 sp 00007fffb518fca0 error 4 in libc-2.19.so
[7f7134288000+1ba000]
Oct  2 11:56:40 lamborghini kernel: cf[182772]: segfault at 30 ip
00007f5569185111 sp 00007ffc02d9ecd0 error 4 in libc-2.19.so
[7f55690cd000+1ba000]
Oct  2 11:58:12 lamborghini kernel: cf[183017]: segfault at 30 ip
00007f7d1167c111 sp 00007ffef64635f0 error 4 in libc-2.19.so
[7f7d115c4000+1ba000]
Oct  2 11:58:49 lamborghini kernel: cf[183032]: segfault at 30 ip
00007fa016b4c111 sp 00007ffc80bbbc00 error 4 in libc-2.19.so
[7fa016a94000+1ba000]
Oct  2 11:59:40 lamborghini kernel: cf[183062]: segfault at 30 ip
00007f4b2bbec111 sp 00007ffd7d556c00 error 4 in libc-2.19.so
[7f4b2bb34000+1ba000]
Oct  2 11:59:58 lamborghini kernel: cf[183068]: segfault at 30 ip
00007f71ab8ad111 sp 00007ffe11c6a230 error 4 in libc-2.19.so
[7f71ab7f5000+1ba000]
Oct  2 12:00:59 lamborghini kernel: cf[183102]: segfault at 30 ip
00007f11db924111 sp 00007ffe814cdc40 error 4 in libc-2.19.so
[7f11db86c000+1ba000]
Oct  2 12:01:26 lamborghini kernel: cf[183126]: segfault at 30 ip
00007ff0fb745111 sp 00007fff28522010 error 4 in libc-2.19.so
[7ff0fb68d000+1ba000]
Oct  2 12:02:08 lamborghini kernel: cf[183323]: segfault at 30 ip
00007f66d0079111 sp 00007fff1466ded0 error 4 in libc-2.19.so
[7f66cffc1000+1ba000]
Oct  2 12:02:20 lamborghini kernel: cf[183345]: segfault at 30 ip
00007f61ebad1111 sp 00007ffec6a6af60 error 4 in libc-2.19.so
[7f61eba19000+1ba000]
Oct  2 12:04:54 lamborghini kernel: cf[183420]: segfault at 30 ip
00007fdb0084f111 sp 00007ffc6d02ce90 error 4 in libc-2.19.so
[7fdb00797000+1ba000]
Oct  2 13:36:04 lamborghini kernel: cf[191311]: segfault at 30 ip
00007f4b682d9111 sp 00007ffff14c5850 error 4 in libc-2.19.so
[7f4b68221000+1ba000]
Oct  2 13:37:27 lamborghini kernel: cf[191707]: segfault at 30 ip
00007fd2e1a9a111 sp 00007fffa4d628a0 error 4 in libc-2.19.so
[7fd2e19e2000+1ba000]
Oct  2 13:40:50 lamborghini kernel: cf[193145]: segfault at 30 ip
00007f7480dea111 sp 00007ffe3bdb5f70 error 4 in libc-2.19.so
[7f7480d32000+1ba000]
Oct  2 13:41:29 lamborghini kernel: cf[193171]: segfault at 30 ip
00007fbb45684111 sp 00007ffffcb81670 error 4 in libc-2.19.so
[7fbb455cc000+1ba000]
Oct  2 13:41:48 lamborghini kernel: cf[193383]: segfault at 30 ip
00007fc039d6f111 sp 00007ffc0ff665e0 error 4 in libc-2.19.so
[7fc039cb7000+1ba000]
Oct  2 13:54:12 lamborghini kernel: cf[195708]: segfault at 30 ip
00007fcea4675111 sp 00007ffeec7142f0 error 4 in libc-2.19.so
[7fcea45bd000+1ba000]
Oct  2 14:17:22 lamborghini kernel: cf[1272]: segfault at 30 ip
00007fe0331f1111 sp 00007fff74bba0d0 error 4 in libc-2.19.so
[7fe033139000+1ba000]
Oct  2 14:32:51 lamborghini kernel: cf[1791]: segfault at 30 ip
00007fc53a151111 sp 00007fff567376a0 error 4 in libc-2.19.so
[7fc53a099000+1ba000]
Oct  2 14:33:26 lamborghini kernel: cf[2413]: segfault at 30 ip
00007fa6f93b8111 sp 00007ffd778c7740 error 4 in libc-2.19.so
[7fa6f9300000+1ba000]
Oct  2 14:55:26 lamborghini kernel: cf[5664]: segfault at 30 ip
00007f0c18ebe111 sp 00007ffd844fb370 error 4 in libc-2.19.so
[7f0c18e06000+1ba000]
Oct  2 14:55:56 lamborghini kernel: cf[5696]: segfault at 30 ip
00007f3814019111 sp 00007ffc936a16a0 error 4 in libc-2.19.so
[7f3813f61000+1ba000]
Oct  2 14:56:17 lamborghini kernel: cf[5702]: segfault at 30 ip
00007f1bf94ac111 sp 00007fff2584d280 error 4 in libc-2.19.so
[7f1bf93f4000+1ba000]

I attempted to check to see if there was a newer version of 'cf', but I now
notice the link on the bro.org website to the 'cf' utility appears to no
longer be valid.

Is 'cf' still being used/promoted, and if so, is it possible that it's
getting a re-work right now, and as such the the download link for the old
version is no longer valid?

Respectfully,

-Erin Shelton
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20171003/1aaf7a5e/attachment.html

More information about the Bro mailing list