[Zeek] tcmalloc large alloc
Justin Azoff
justin at corelight.com
Sat May 18 16:31:58 PDT 2019
There's an issue here: https://github.com/zeek/zeek/issues/245
I believe the problem was fixed with
https://github.com/zeek/zeek/commit/78dcbcc71ac09d3dd8a213f658ee8e794bb1bcd9
or
https://github.com/zeek/zeek/commit/6598fe991d26bd15e483fcd96ea72bb161143d4e
but
it has not been confirmed yet,
On Sat, May 18, 2019 at 7:05 PM Rogers, Zach <Zach.Rogers at oregonstate.edu>
wrote:
> Hey Seth,
>
> Did you have a chance to look into this?
>
> If anyone else has any input that would be helpful as well!
>
> All the best,
>
> --
> Zach Rogers
> Lead Security Analyst
> Security and Network Monitoring
> Oregon Research & Teaching Security Operations Center (ORTSOC)
> Phone: 541.737.7723
> GPG Fingerprint: ECC5 03A6 7E91 17C6 50C6 8FAC D6A0 8001 2869 BD52
>
> On 3/27/19, 10:57 AM, "Seth Hall" <seth at corelight.com> wrote:
>
>
>
> On 27 Mar 2019, at 11:54, Zander Work wrote:
>
> > The first two showing ??:0 makes sense b/c those are memory
> addresses.
> > It looks like the PE analyzer might be the culprit but I'm not sure.
>
> Yep, I knew the first two would look like that. It's ASLR being
> applied
> to glibc function (which is fine and not what I was interested in
> anyway). It did end up showing what I expected it to. I'll look
> around
> a little bit and see if anything makes sense.
>
> Thanks!
> .Seth
>
> --
> Seth Hall * Corelight, Inc * www.corelight.com
>
>
>
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
--
Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190518/c1b087e3/attachment.html
More information about the Zeek
mailing list