[Bro] Broctl segmentation fault

Zeolla@GMail.com zeolla at gmail.com
Fri Oct 5 11:58:30 PDT 2018


Gotcha, yeah please do as that is the most updated code and includes some
baseline btests (with more coming in the near future). Feel free to reach
out to me via the list if you have any questions/concerns/issues on it -
thanks!

Jon

On Fri, Oct 5, 2018 at 1:19 PM Sean Hutchison <shutchison at cert.org> wrote:

> Well, we don’t really have a need to use the bro kafka plugin currently –
> it was just for a bit of testing previously – but I can use bro-pkg in the
> future or for other plugins/scripts.
>
>
>
> V/R
>
> Sean
>
>
>
> *From:* Zeolla at GMail.com [mailto:zeolla at gmail.com]
> *Sent:* Friday, October 05, 2018 12:36 PM
>
>
> *To:* Sean Hutchison <shutchison at cert.org>
> *Cc:* Johanna Amann <johanna at icir.org>; bro at bro.org
> *Subject:* Re: [Bro] Broctl segmentation fault
>
>
>
> Sounds like you are looking at a very old version of the plugin, since
> bro/bro-plugins has been completely deprecated at this point.  Can you use
> bro-pkg to install apache/metron-bro-plugin-kafka?  It should be a bit more
> robust and up to date.  Let me know if you have any issues when taking this
> approach.
>
>
>
> Jon
>
> On Fri, Oct 5, 2018, 07:55 Sean Hutchison <shutchison at cert.org> wrote:
>
> Ya, first install librdkafka (there’s probably a newer version – make sure
> it supports your Kafka broker version) …
>
> curl --silent -L -k https://github.com/edenhill/librdkafka/archive/v0.9.5.tar.gz | tar xz
>
> cd librdkafka-0.9.5
>
> ./configure
>
> make
>
> make install
>
>
>
> Then get bro-plugins repo and build kafka plugin against version of Bro
> you’re using by pointing it to where you extracted bro source…
>
> git clone https://github.com/bro/bro-plugins.git
>
> cd bro-plugins/kafka/
>
> ./configure --bro-dist=/path/to/bro-2.#.#
>
> make && make install
>
>
>
> Confirm with…
>
> bro -N Bro::Kafka
>
>
>
> See
> https://archive.apache.org/dist/metron/0.4.0/site-book/metron-sensors/bro-plugin-kafka/index.html
> for example configurations.
>
>
>
> V/R
>
> Sean
>
>
>
> *From:* Zeolla at GMail.com [mailto:zeolla at gmail.com]
> *Sent:* Thursday, October 04, 2018 5:06 PM
> *To:* Sean Hutchison <shutchison at cert.org>
> *Cc:* Johanna Amann <johanna at icir.org>; bro at bro.org
>
>
> *Subject:* Re: [Bro] Broctl segmentation fault
>
>
>
> If you don't mind, can you share the steps you took to build and install
> the plug-in?  What version?
>
>
>
> Jon
>
> On Thu, Oct 4, 2018, 13:23 Sean Hutchison <shutchison at cert.org> wrote:
>
> Yes, and I just removed the Bro Kafka plugin and no more error!
>
> Thank you so much.
>
> V/R
> Sean
>
> -----Original Message-----
> From: Johanna Amann [mailto:johanna at icir.org]
> Sent: Thursday, October 04, 2018 11:36 AM
> To: Sean Hutchison <shutchison at cert.org>
> Cc: Azoff, Justin S <jazoff at illinois.edu>; bro at bro.org
> Subject: Re: [Bro] Broctl segmentation fault
>
> Hi,
>
> Is there a chance that you have binary plugins installed (netmap plugin, a
> few bro-pkg ones)?
>
> They can cause crashes exactly like this. This behavior is fixed with Bro
> 2.6 (it will output an error message instead).
>
> If that is the case - either recompiling or removing the binary plugins
> will fix this.
>
> Johanna
>
> On 4 Oct 2018, at 5:01, Sean Hutchison wrote:
>
> > # bro -v
> > bro version 2.5.5
> >
> > # bro -NN
> > Segmentation fault
> >
> > # bro -b -i lo
> > listening on lo
> >
> > ^C1538653437.070325 received termination signal
> > 1538653437.070325 208 packets received on interface lo, 0 dropped
> >
> > # bro -i lo
> > Segmentation fault
> >
> > # bro -i lo local
> > Segmentation fault
> >
> > # ldd /opt/bro/bin/bro
> >         linux-vdso.so.1 =>  (0x00007fff99dfd000)
> >         libpcap.so.1 => /lib64/libpcap.so.1 (0x00007f148eec1000)
> >         libssl.so.10 => /lib64/libssl.so.10 (0x00007f148ec50000)
> >         libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f148e7ef000)
> >         libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f148e5d6000)
> >         libz.so.1 => /lib64/libz.so.1 (0x00007f148e3c0000)
> >         libGeoIP.so.1 => /lib64/libGeoIP.so.1 (0x00007f148e190000)
> >         libtcmalloc.so.4 => /lib64/libtcmalloc.so.4 (0x00007f148dd9b000)
> >         libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f148db7f000)
> >         libdl.so.2 => /lib64/libdl.so.2 (0x00007f148d97b000)
> >         libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f148d674000)
> >         libm.so.6 => /lib64/libm.so.6 (0x00007f148d372000)
> >         libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f148d15c000)
> >         libc.so.6 => /lib64/libc.so.6 (0x00007f148cd8f000)
> >         libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f148cb42000)
> >         libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f148c85a000)
> >         libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f148c656000)
> >         libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f148c423000)
> >         /lib64/ld-linux-x86-64.so.2 (0x00007f148f102000)
> >         libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f148c215000)
> >         libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f148c011000)
> >         libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f148bdea000)
> >         libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f148bb88000)
> >
> > No custom scripts being loaded via local.bro.
> >
> > Nothing in particular - did yum install/update of RedHat-based
> > dependencies according to
> > https://www.bro.org/sphinx/install/install.html#required-dependencies
> > Although I did build it against pfring first, using yum package from
> > ntop repo - same issue, have since removed that and did regular build.
> >
> > Only configure switch was --prefix.
> >
> > V/R
> > Sean
> >
> > -----Original Message-----
> > From: Azoff, Justin S [mailto:jazoff at illinois.edu]
> > Sent: Wednesday, October 03, 2018 3:01 PM
> > To: Sean Hutchison <shutchison at cert.org>
> > Cc: bro at bro.org
> > Subject: Re: [Bro] Broctl segmentation fault
> >
> >
> >> On Oct 3, 2018, at 2:46 PM, Sean Hutchison <shutchison at cert.org>
> >> wrote:
> >>
> >> Hello,
> >>
> >> After any build of Bro with Broctl 1.7, I’m experiencing the below
> >> error when broctl/scripts/check-config is run…
> >>
> >> /opt/bro/share/broctl/scripts/check-config: line 50:  4463 Segmentation fault      "${bro}" $check_option "$@"
> >>
> >> Anyone encountered this before? Cannot bypass doing broctl check –
> >> broctl start results in failed/crashed processes.
> >>
> >> This is on RHEL7.5, after building Bro-2.5.5 (I’ve tried other minor
> >> versions since 2.5 – same issue).
> >>
> >> Existing Bro cluster on RHEL7.5 boxes with Bro-2.5 and Broctl 1.5
> >> works fine.
> >>
> >> Any help would be greatly appreciated.
> >>
> >
> > check runs bro with the current configuration to see if it can start,
> > so that's bro segfaulting there.. that's why start also fails..
> >
> > What do you get if you try each of the following?
> >
> >     bro -v
> >     bro -NN # just see if this runs or crashes
> >     bro -b -i lo
> >     bro -i lo
> >     bro -i lo local
> >
> > You can hit control-c if any of those start successfully to get your
> > prompt back.
> >
> > I'm not aware of any issues like this, so it could be something with
> > your configuration.
> >
> > Do you have a customized local.bro at all?
> > Are you building bro against a particular libpcap or malloc
> > implementation?
> > What does ldd /opt/bro/bin/bro output?
> >
> > —
> > Justin Azoff
> >
> >
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-- 

Jon
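
The diagnostic sequence suggested in this thread (`bro -v`, `bro -NN`, `bro -b -i lo`, `bro -i lo`, `bro -i lo local`), as an added shell example that is not part of the original messages: it runs each invocation under a time limit and reports which ones exit with status 139 (SIGSEGV). The default binary path, the `WAIT` variable, the function names and the use of `timeout` from coreutils are assumptions; the `-i lo` invocations need capture privileges.

```shell
#!/bin/sh
# Added example: replay the diagnostic invocations from this thread and
# report which ones die with SIGSEGV. BRO and WAIT are assumed defaults.
BRO=${BRO:-/opt/bro/bin/bro}   # binary path as used with ldd in the thread
WAIT=${WAIT:-5}                # seconds to let "-i lo" captures run

# classify RC: translate a shell exit status into a verdict word.
classify() {
    case "$1" in
        0)       echo ok ;;
        124|143) echo started ;;   # still running when the timer stopped it
        139)     echo segfault ;;  # 128 + 11 (SIGSEGV)
        *)  if [ "$1" -gt 128 ]; then echo "signal-$(( $1 - 128 ))"
            else echo "exit-$1"; fi ;;
    esac
}

# probe ARGS...: run bro with ARGS under timeout(1), print the verdict.
probe() {
    rc=0
    timeout "$WAIT" "$BRO" "$@" >/dev/null 2>&1 || rc=$?
    classify "$rc"
}

# triage: one line per invocation; returns 1 if any of them segfaulted.
triage() {
    bad=0
    for args in "-v" "-NN" "-b -i lo" "-i lo" "-i lo local"; do
        verdict=$(probe $args)     # unquoted on purpose: split into words
        printf '%-16s %s\n' "bro $args" "$verdict"
        if [ "$verdict" = segfault ]; then bad=1; fi
    done
    return "$bad"
}

# Run only when invoked as "sh triage.sh run" (file name is hypothetical).
if [ "${1:-}" = run ]; then triage; fi
```

A `segfault` verdict on `-NN` together with `started` on `-b -i lo` reproduces the pattern reported in the thread, which was resolved by removing or recompiling the binary plugin.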