[Bro] Getting a Broctl Stack Trace
Seth Hall
seth at corelight.com
Mon Nov 5 14:01:19 PST 2018
Make sure you are setting the core pattern on your system so that the
core dump will be written into the CWD.
sudo sysctl -w kernel.core_pattern="core.%e-%t-%p"
.Seth
On 2 Nov 2018, at 12:51, Mike M wrote:
> I'm having an issue with broctl crashing when I try to run it on Alpine
> Linux. I mentioned it previously [1] but I'm circling back around to try to
> get it resolved. I've built it with the appropriate patches [2] but broctl
> is still reporting "crashed" state when I check the status after starting
> it. The bro binary itself runs fine.
>
> What do I need to do to collect a stack trace from broctl to determine the
> root cause?
>
> Bro is built in debug mode and I set "ulimit -c unlimited" per the
> instructions on reporting problems. I see a
> /usr/local/bro/spool/tmp/post-terminate-standalone-2018-11-02-02-56-06-13765-crash
> directory but there's no core dump anywhere obvious. The .crash-diag.out
> file says "No core file found" and doesn't provide any useful information
> about the cause of the crash.
>
> Thanks,
> Mike
>
> [1] http://mailman.icsi.berkeley.edu/pipermail/bro/2018-September/013580.html
> [2] http://mailman.icsi.berkeley.edu/pipermail/bro/2018-September/013581.html
--
Seth Hall * Corelight, Inc * www.corelight.com
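
A pre-flight check for the core_pattern setting discussed above, as an added example that is not part of the original thread: it classifies a core_pattern value, expands the %e/%t/%p file name, and reports why a dump might not show up in the CWD. The function names and sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): reasons for "No core file found".

# classify_core_pattern PATTERN -> pipe | absolute | cwd
classify_core_pattern() {
    case "$1" in
        '|'*) echo pipe ;;       # kernel hands the dump to a helper program
        /*)   echo absolute ;;   # dump lands in a fixed directory
        *)    echo cwd ;;        # dump is written relative to the process CWD
    esac
}

# expand_core_name PATTERN COMM EPOCH PID -> file name for that pattern.
# Only %e, %t and %p are expanded (the specifiers used in the thread).
expand_core_name() {
    comm=$(printf '%.15s' "$2")  # %e is the comm value, at most 15 characters
    printf '%s\n' "$1" | sed -e "s/%e/$comm/g" -e "s/%t/$3/g" -e "s/%p/$4/g"
}

# check_core_setup PATTERN LIMIT DIR -> one finding per line, or "ok"
check_core_setup() {
    n=0
    if [ "$2" = "0" ]; then
        echo "limit: core size limit is 0, no dump is written"; n=1
    fi
    case "$(classify_core_pattern "$1")" in
        pipe)
            echo "pattern: piped to a helper, no core file appears in the CWD"; n=1 ;;
        absolute)
            echo "pattern: dump goes to $(dirname "$1"), not the CWD"; n=1 ;;
        cwd)
            if [ ! -d "$3" ] || [ ! -w "$3" ]; then
                echo "cwd: $3 is not a writable directory"; n=1
            fi ;;
    esac
    if [ "$n" -eq 0 ]; then echo ok; fi
    return 0
}

# Live check on a Linux host; the optional argument is the CWD to test.
if [ -r /proc/sys/kernel/core_pattern ]; then
    check_core_setup "$(cat /proc/sys/kernel/core_pattern)" "$(ulimit -c)" "${1:-$PWD}"
fi
```

Run it from the shell that starts the crashing process, since the core size limit is inherited per process and the directory argument should be that process's working directory.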