[Bro] [BRO-ISSUE]: bro crash when so many Repoter::Error calls
Myth Ren
email4myth at gmail.com
Tue Apr 3 03:06:14 PDT 2018
currently i'm using Apache/metron-kafka-plugin v0.1 and the problem is gone.
thanks Jon.
2018-04-02 23:03 GMT+08:00 Jon Siwek <jsiwek at corelight.com>:
>
>
> On 1/25/18 10:18 AM, Myth Ren wrote:
>
> I'm using bro 2.5.1 for network security monitoring , the message
>> queue is kafka componment (the bro-to-kafka plugin version is v0.5.0,
>> librdkafka version is v0.9.5).
>>
>
> The plugins from Bro v2.5.1 may be a bit old to continue using. I'd
> generally suggest trying to update to newest version of everything.
>
> Below listed information is backtrace from core dump. (more on gist <
>> https://gist.github.com/MythRen/b55220647ca28654c6f7e1db12ee6036>)
>>
>
> #4 0x00000000005fee8f in Reporter::Error (this=<optimized out>,
>> fmt=fmt at entry=0x7fe36c719d70 "Kafka send failed: %s") at
>> /opt/download/bro/src/Reporter.cc:76 #5 0x00007fe36c717fa9 in
>> logging::writer::KafkaWriter::DoWrite (this=0x6369270,
>> num_fields=<optimized out>, fields=<optimized out>, vals=0x69d2080)
>> at /opt/download/bro/aux/plugins/kafka/src/KafkaWriter.cc:156 #6
>>
>
> This is basically the problem: this version of KafkaWriter is directly
> using Reporter calls and that's not thread-safe. Here would be the way to
> fix it for your reference (in case you simply can't update things):
>
> https://github.com/apache/metron-bro-plugin-kafka/commit/496
> 8b6537f663c1de061d0cf0aedb42f43ab12ee
>
> - Jon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180403/0037db70/attachment.html
More information about the Bro
mailing list