[Bro] local.bro causing memory leak

Benjamin Wood ben.bt.wood at gmail.com
Mon Mar 19 12:31:03 PDT 2018


I've got some custom log names happening, and it's causing a memory leak.
Bro never closes the file descriptors or releases the objects. This is
causing the manager to crash over a period of time.

I'm running my cluster with broctl, and rotation is turned off because I'm
naming files with a timestamp to begin with.

Any suggestions on how to perform a periodic "clean up"?

function datepath(id: Log::ID, path: string, rec: any) : string
{
    local filter = Log::get_filter(id, "default");
    return string_cat(filter$path, strftime("_%F_%H", current_time()));
}

event bro_init() {
    Log::disable_stream(Syslog::LOG);

    for ( id in Log::active_streams ) {
        local filter = Log::get_filter(id, "default");
        filter$path_func = datepath;
        Log::add_filter(id, filter);
    }
}

Thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180319/b2a04e7d/attachment.html 


More information about the Bro mailing list