[Bro] BRO Logger crashing due to large DNS log files
Azoff, Justin S
jazoff at illinois.edu
Tue Aug 21 11:35:37 PDT 2018
> On Aug 21, 2018, at 8:21 AM, Ron McClellan <Ron_McClellan at ao.uscourts.gov> wrote:
>
> Justin,
>
> Nothing really on the system that would be killing logger, system is a base CENTOS 7 box, recently built just for BRO. The .status file shows "TERMINATED[atexit]".
>
> Ron
>
> [root@ ron]# sudo cat /logs/bro/spool/logger/.status
> TERMINATED [atexit]
>
> Name Type Host Status Pid Started
> logger logger localhost crashed

Ah.. well now that says 'crashed' which is what you'd expect if it was crashing (not 'terminating').

If it is crashing then something should say why...

Is broctl sending you a crash report when that happens? What does broctl diag say?

Are there any kernel OOM messages in dmesg or syslog?

Or any messages that look like

    bro[60506]: segfault at 0 ip 00000000005fcf8d sp 00007fffaf9d2f40 error 6 in bro[400000+624000]

—
Justin Azoff
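
One way to triage the kernel messages asked about in the message above, as an added example that is not part of the original post or of Bro/broctl. It picks OOM-killer and segfault lines out of dmesg or syslog text and decodes the segfault fields; the function names and the two extra sample lines are constructed for illustration, and the patterns assume x86 Linux kernel message formats.

```python
import re

# Message formats printed by the x86 Linux kernel. "Kill(ed)" covers both the
# older and newer OOM-killer wording.
SEGV = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
    r"(?: in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)
OOM = re.compile(r"Out of memory: Kill(?:ed)? process (?P<pid>\d+) \((?P<comm>[^)]+)\)")


def decode_error(code):
    """Decode the x86 page-fault error code printed after 'error'."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }


def classify(line):
    """Return a dict for a segfault or OOM-kill line, else None."""
    m = SEGV.search(line)
    if m:
        out = {"kind": "segfault", "comm": m["comm"], "pid": int(m["pid"]),
               "fault_addr": int(m["addr"], 16), **decode_error(int(m["err"]))}
        if m["base"]:
            # Offset of the faulting instruction inside the mapped object.
            out["offset"] = int(m["ip"], 16) - int(m["base"], 16)
        return out
    m = OOM.search(line)
    if m:
        return {"kind": "oom-kill", "comm": m["comm"], "pid": int(m["pid"])}
    return None


# First line is the one quoted in the message; the other two are constructed.
SAMPLE = [
    "bro[60506]: segfault at 0 ip 00000000005fcf8d sp 00007fffaf9d2f40 error 6 in bro[400000+624000]",
    "kernel: Out of memory: Kill process 60506 (bro) score 912 or sacrifice child",
    "kernel: device eth1 entered promiscuous mode",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
```

For the quoted line this reports a user-mode write to address 0 on a page that is not present, which is the signature of a NULL pointer dereference rather than memory pressure.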