[Zeek] Worker being "killed nohup"
Jeff Barber
jsbarber60 at gmail.com
Wed Nov 6 10:13:33 PST 2019
> I'm running Zeek 2.6.4 and I have been seeing occasional error messages
of the form:
>
> run-bro: line 110: 42574 Killed nohup ${pin_command}
$pin_cpu "$mybro" "$@"
>
> The workers seem to be restarted fine and other than the error message, I
haven't noticed any ill behavior. What should I do about the error messages?
I would check your syslog. Assuming you are running linux, if your system
runs out of memory, the kernel will go find the biggest process and kill
it. This can often be a zeek process as they tend to grow large as more
connections are tracked (depending on many factors: what scripts you are
running, what you're logging, what kind of traffic is being seen, etc.). If
that's happening, you should see something in syslog containing the
string "invoked
oom-killer:" If you look at the surrounding lines, there should be some
info on process sizes showing why it was selected.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20191106/d7bb0b8b/attachment.html
More information about the Zeek
mailing list