bro manager stops writing logs - EINTR issue ?

barak_gilboa · January 17, 2016, 8:58am

Hello,
I would appreciate anyone’s help on the following issue :

setup: 24 workers,1 proxy, 1 manager. each worker has a bloomfilter of its own so eventually very few events are passed on to the manager for writing. there is only 1 log file being written (dns.log) which fills at a rate of about 10k lines per sec.

problem: after a few hours, manager stops writing the log file though everything is still running. no errors on debug.log or stderr.log.
I ran strace and found that the manager’s child process has EINTR issue:

ERESTARTNOHAND to be restarted if no handler
SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL}
rt_sigreturn()=-1 EINTR (interrupted system call)

I read that bro should handle EINTR errors internally.

any suggestions on what can be done ?

thanks !
Barak

Seth_Hall3 · January 18, 2016, 2:48pm

I'm not completely sure what's causing the issue that you're seeing, but could you try running your same workload with a branch I've worked on some?
topic/seth/remove-flare

Thanks!
.Seth

barak_gilboa · January 19, 2016, 2:31pm

hi

can you please post the full url for your version ?
i cant find it under https://github.com/sethhall

thanks

Seth_Hall3 · January 19, 2016, 3:06pm

It's a branch on the main Bro repository.

.Seth

Topic		Replies	Views
bro manager stops writing logs - EINTR issue ? Zeek	1	69	May 6, 2022
Manager swapping.. Zeek	11	106	May 6, 2022
Version: 2.0-907 -- Bro manager memory exhaustion Development development	2	106	May 6, 2022
Bro cluster requirements and manager logging backlog bug Zeek	34	155	May 6, 2022
Bro crashed this morning.. Zeek	7	91	May 6, 2022

bro manager stops writing logs - EINTR issue ?

Related topics