[Bro] 'cf' utility with Bro 2.5

Tue Oct 3 12:48:08 PDT 2017

Or switch to using 'bro-cut -d' and not have to worry about keeping up with
'cf'.  :)

-Dop

On Tue, Oct 3, 2017 at 2:38 PM, Aashish Sharma <asharma at lbl.gov> wrote:

> Eshelton,
>
> Here is link to cf utility: ftp://ftp.ee.lbl.gov/cf-1.2.5.tar.gz
>
> Try this one and see if you still encounter seg faults.
>
> Aashish
>
> On Tue, Oct 03, 2017 at 01:25:03PM -0600, eshelton wrote:
> > I've started to experience an issue with the 'cf' utility, so I wanted to
> > check and see if anyone else had ever experienced a similar issue:
> >
> > Initially, I started to think that either I was crazy, or something had
> > changed. I was checking some alerts Monday morning from last Friday,
> when I
> > started experiencing an issue zcatting an http.log.gz file piped into
> 'cf'.
> > I've changed nothing on this management server for months, yet I'm seeing
> > seg faults like the following:
> >
> > Oct  2 11:54:29 lamborghini kernel: cf[182679]: segfault at 30 ip
> > 00007fb078511111 sp 00007ffc2c7b87b0 error 4 in libc-2.19.so
> > [7fb078459000+1ba000]
> > Oct  2 11:54:50 lamborghini kernel: cf[182694]: segfault at 30 ip
> > 00007ff5d3004111 sp 00007ffc70d411b0 error 4 in libc-2.19.so
> > [7ff5d2f4c000+1ba000]
> > Oct  2 11:54:57 lamborghini kernel: cf[182698]: segfault at 30 ip
> > 00007ff285fb6111 sp 00007ffd44bb72d0 error 4 in libc-2.19.so
> > [7ff285efe000+1ba000]
> > Oct  2 11:55:39 lamborghini kernel: cf[182737]: segfault at 30 ip
> > 00007f12925da111 sp 00007ffffdb25410 error 4 in libc-2.19.so
> > [7f1292522000+1ba000]
> > Oct  2 11:55:48 lamborghini kernel: cf[182743]: segfault at 30 ip
> > 00007f7a86b20111 sp 00007fff3eec2900 error 4 in libc-2.19.so
> > [7f7a86a68000+1ba000]
> > Oct  2 11:55:53 lamborghini kernel: cf[182748]: segfault at 30 ip
> > 00007f7134340111 sp 00007fffb518fca0 error 4 in libc-2.19.so
> > [7f7134288000+1ba000]
> > Oct  2 11:56:40 lamborghini kernel: cf[182772]: segfault at 30 ip
> > 00007f5569185111 sp 00007ffc02d9ecd0 error 4 in libc-2.19.so
> > [7f55690cd000+1ba000]
> > Oct  2 11:58:12 lamborghini kernel: cf[183017]: segfault at 30 ip
> > 00007f7d1167c111 sp 00007ffef64635f0 error 4 in libc-2.19.so
> > [7f7d115c4000+1ba000]
> > Oct  2 11:58:49 lamborghini kernel: cf[183032]: segfault at 30 ip
> > 00007fa016b4c111 sp 00007ffc80bbbc00 error 4 in libc-2.19.so
> > [7fa016a94000+1ba000]
> > Oct  2 11:59:40 lamborghini kernel: cf[183062]: segfault at 30 ip
> > 00007f4b2bbec111 sp 00007ffd7d556c00 error 4 in libc-2.19.so
> > [7f4b2bb34000+1ba000]
> > Oct  2 11:59:58 lamborghini kernel: cf[183068]: segfault at 30 ip
> > 00007f71ab8ad111 sp 00007ffe11c6a230 error 4 in libc-2.19.so
> > [7f71ab7f5000+1ba000]
> > Oct  2 12:00:59 lamborghini kernel: cf[183102]: segfault at 30 ip
> > 00007f11db924111 sp 00007ffe814cdc40 error 4 in libc-2.19.so
> > [7f11db86c000+1ba000]
> > Oct  2 12:01:26 lamborghini kernel: cf[183126]: segfault at 30 ip
> > 00007ff0fb745111 sp 00007fff28522010 error 4 in libc-2.19.so
> > [7ff0fb68d000+1ba000]
> > Oct  2 12:02:08 lamborghini kernel: cf[183323]: segfault at 30 ip
> > 00007f66d0079111 sp 00007fff1466ded0 error 4 in libc-2.19.so
> > [7f66cffc1000+1ba000]
> > Oct  2 12:02:20 lamborghini kernel: cf[183345]: segfault at 30 ip
> > 00007f61ebad1111 sp 00007ffec6a6af60 error 4 in libc-2.19.so
> > [7f61eba19000+1ba000]
> > Oct  2 12:04:54 lamborghini kernel: cf[183420]: segfault at 30 ip
> > 00007fdb0084f111 sp 00007ffc6d02ce90 error 4 in libc-2.19.so
> > [7fdb00797000+1ba000]
> > Oct  2 13:36:04 lamborghini kernel: cf[191311]: segfault at 30 ip
> > 00007f4b682d9111 sp 00007ffff14c5850 error 4 in libc-2.19.so
> > [7f4b68221000+1ba000]
> > Oct  2 13:37:27 lamborghini kernel: cf[191707]: segfault at 30 ip
> > 00007fd2e1a9a111 sp 00007fffa4d628a0 error 4 in libc-2.19.so
> > [7fd2e19e2000+1ba000]
> > Oct  2 13:40:50 lamborghini kernel: cf[193145]: segfault at 30 ip
> > 00007f7480dea111 sp 00007ffe3bdb5f70 error 4 in libc-2.19.so
> > [7f7480d32000+1ba000]
> > Oct  2 13:41:29 lamborghini kernel: cf[193171]: segfault at 30 ip
> > 00007fbb45684111 sp 00007ffffcb81670 error 4 in libc-2.19.so
> > [7fbb455cc000+1ba000]
> > Oct  2 13:41:48 lamborghini kernel: cf[193383]: segfault at 30 ip
> > 00007fc039d6f111 sp 00007ffc0ff665e0 error 4 in libc-2.19.so
> > [7fc039cb7000+1ba000]
> > Oct  2 13:54:12 lamborghini kernel: cf[195708]: segfault at 30 ip
> > 00007fcea4675111 sp 00007ffeec7142f0 error 4 in libc-2.19.so
> > [7fcea45bd000+1ba000]
> > Oct  2 14:17:22 lamborghini kernel: cf[1272]: segfault at 30 ip
> > 00007fe0331f1111 sp 00007fff74bba0d0 error 4 in libc-2.19.so
> > [7fe033139000+1ba000]
> > Oct  2 14:32:51 lamborghini kernel: cf[1791]: segfault at 30 ip
> > 00007fc53a151111 sp 00007fff567376a0 error 4 in libc-2.19.so
> > [7fc53a099000+1ba000]
> > Oct  2 14:33:26 lamborghini kernel: cf[2413]: segfault at 30 ip
> > 00007fa6f93b8111 sp 00007ffd778c7740 error 4 in libc-2.19.so
> > [7fa6f9300000+1ba000]
> > Oct  2 14:55:26 lamborghini kernel: cf[5664]: segfault at 30 ip
> > 00007f0c18ebe111 sp 00007ffd844fb370 error 4 in libc-2.19.so
> > [7f0c18e06000+1ba000]
> > Oct  2 14:55:56 lamborghini kernel: cf[5696]: segfault at 30 ip
> > 00007f3814019111 sp 00007ffc936a16a0 error 4 in libc-2.19.so
> > [7f3813f61000+1ba000]
> > Oct  2 14:56:17 lamborghini kernel: cf[5702]: segfault at 30 ip
> > 00007f1bf94ac111 sp 00007fff2584d280 error 4 in libc-2.19.so
> > [7f1bf93f4000+1ba000]
> >
> > I attempted to check to see if there was a newer version of 'cf', but I
> now
> > notice the link on the bro.org website to the 'cf' utility appears to no
> > longer be valid.
> >
> > Is 'cf' still being used/promoted, and if so, is it possible that it's
> > getting a re-work right now, and as such the the download link for the
> old
> > version is no longer valid?
> >
> > Respectfully,
> >
> > -Erin Shelton
>
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20171003/e87f033a/attachment-0001.html 