[Bro] Running Bro on Alpine
Daniel Guerra
daniel.guerra69 at gmail.com
Tue Sep 18 13:29:40 PDT 2018
Just tried it, for now I can only confirm your problem
/tmp/bro # /usr/local/bro/bin/broctl start
starting bro ...
(bro still initializing)
/tmp/bro # /usr/local/bro/bin/broctl status
Name Type Host Status Pid Started
bro standalone localhost crashed
this might help , dmesg output
device eth0 entered promiscuous mode
traps: bro: stats/Log:[14187] general protection ip:7f92f1865fbb
sp:7f92f1a40880 error:0
in ld-musl-x86_64.so.1[7f92f1848000+8d000]
bro[11051]: segfault at 55ccf2f95900 ip 000055ccf2f95900 sp
00007ffd5d7bbaa8 error 15
bro[11232]: segfault at 7f4df2130df8 ip 00007f4df2130df8 sp
00007ffe154c88e8 error 15 in ld-musl-x86_64.so.1[7f4df2130000+1000]
and the ps aux output
364 root 0:00 {run-bro} /bin/bash
/usr/local/bro/share/broctl/scripts/run-bro -1 -i eth0 -U .status -p
broctl -p broctl-live -p standalone -p local -p bro local.bro broctl
broctl/standalone broctl
370 root 0:23 /usr/local/bro/bin/bro -i eth0 -U .status -p broctl
-p broctl-live -p standalone -p local -p bro local.bro broctl
broctl/standalone broctl/auto
372 root 0:00 /usr/local/bro/bin/bro -i eth0 -U .status -p broctl
-p broctl-live -p standalone -p local -p bro local.bro broctl
broctl/standalone broctl/auto
Op 18/09/2018 om 20:23 schreef Mike M:
> Daniel,
>
> Thanks for the help. I rebuilt bro with those patches (although they
> look identical to the ones I referenced earlier), making sure to grab
> all the dependencies listed in the docker file.
>
> I'm still seeing broctl report that bro crashed. However, what I
> failed to notice before is that there are actually several bro
> processes running and bro is still producing logs even when broctl
> report it has crashed.
>
> I suppose I could roll my own scripts to start and stop bro, but I'd
> prefer to actually get broctl working on alpine. Any ideas as to why
> it's reporting inaccurate information?
>
> thanks,
> Mike
>
> On Tue, Sep 18, 2018 at 11:47 AM Daniel Guerra
> <daniel.guerra69 at gmail.com <mailto:daniel.guerra69 at gmail.com>> wrote:
>
> Check out
>
>
> For alpine linux you need some patches
>
> https://github.com/blacktop/docker-bro/tree/master/2.5
>
>
> Regards,
>
>
> Daniel
>
> Op 18/09/2018 om 17:18 schreef Mike M:
>> Hello,
>>
>> I’m trying to compile and run Bro on Alpine Linux and I’m having
>> an issue with broctl crashing.
>>
>> Out of the box running ./configure and make using the bro 2.5.5
>> source I get a bunch of errors like that “'u_char' does not name
>> a type” [1].
>>
>> I found this project for compiling Bro on Alpine [2]. The
>> build-bro.sh. script includes two patch files and a cmake file
>> [3]. Manually applying those three files gets Bro to the point
>> where it compiles successfully.
>>
>> Bro will run fine from the command line, but running broctl it
>> crashes almost immediately [4]. Broctl reports Bro as crashed,
>> but it briefly produces all the log files I'd expect (conn, dns,
>> etc). There's nothing useful in the stdout, stderr or reporter logs.
>>
>> I built bro with --enable-debug, I've got gdb installed, and I
>> set "ulimit -c unlimited" but I don't see a crash dump anywhere.
>>
>> In the absence of any error messages I'm unsure on how to
>> proceed. Can anyone recommend next steps?
>>
>> thanks,
>> Mike
>>
>> [1] see compile error.txt (attached)
>> [2] https://github.com/danielguerra69/docker-bro-1
>> [3] https://github.com/danielguerra69/docker-bro-1/tree/master/source
>> [4] see broctl crash.txt (attached)
>>
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org <mailto:bro at bro-ids.org>
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180918/329b26ce/attachment.html
More information about the Bro
mailing list