'cf' utility with Bro 2.5

I’ve started to experience an issue with the ‘cf’ utility, so I wanted to check and see if anyone else had ever experienced a similar issue:

Initially, I started to think that either I was crazy, or something had changed. I was checking some alerts Monday morning from last Friday, when I started experiencing an issue zcatting an http.log.gz file piped into ‘cf’. I’ve changed nothing on this management server for months, yet I’m seeing seg faults like the following:

Oct 2 11:54:29 lamborghini kernel: cf[182679]: segfault at 30 ip 00007fb078511111 sp 00007ffc2c7b87b0 error 4 in libc-2.19.so[7fb078459000+1ba000]
Oct 2 11:54:50 lamborghini kernel: cf[182694]: segfault at 30 ip 00007ff5d3004111 sp 00007ffc70d411b0 error 4 in libc-2.19.so[7ff5d2f4c000+1ba000]
Oct 2 11:54:57 lamborghini kernel: cf[182698]: segfault at 30 ip 00007ff285fb6111 sp 00007ffd44bb72d0 error 4 in libc-2.19.so[7ff285efe000+1ba000]
Oct 2 11:55:39 lamborghini kernel: cf[182737]: segfault at 30 ip 00007f12925da111 sp 00007ffffdb25410 error 4 in libc-2.19.so[7f1292522000+1ba000]
Oct 2 11:55:48 lamborghini kernel: cf[182743]: segfault at 30 ip 00007f7a86b20111 sp 00007fff3eec2900 error 4 in libc-2.19.so[7f7a86a68000+1ba000]
Oct 2 11:55:53 lamborghini kernel: cf[182748]: segfault at 30 ip 00007f7134340111 sp 00007fffb518fca0 error 4 in libc-2.19.so[7f7134288000+1ba000]
Oct 2 11:56:40 lamborghini kernel: cf[182772]: segfault at 30 ip 00007f5569185111 sp 00007ffc02d9ecd0 error 4 in libc-2.19.so[7f55690cd000+1ba000]
Oct 2 11:58:12 lamborghini kernel: cf[183017]: segfault at 30 ip 00007f7d1167c111 sp 00007ffef64635f0 error 4 in libc-2.19.so[7f7d115c4000+1ba000]
Oct 2 11:58:49 lamborghini kernel: cf[183032]: segfault at 30 ip 00007fa016b4c111 sp 00007ffc80bbbc00 error 4 in libc-2.19.so[7fa016a94000+1ba000]
Oct 2 11:59:40 lamborghini kernel: cf[183062]: segfault at 30 ip 00007f4b2bbec111 sp 00007ffd7d556c00 error 4 in libc-2.19.so[7f4b2bb34000+1ba000]
Oct 2 11:59:58 lamborghini kernel: cf[183068]: segfault at 30 ip 00007f71ab8ad111 sp 00007ffe11c6a230 error 4 in libc-2.19.so[7f71ab7f5000+1ba000]
Oct 2 12:00:59 lamborghini kernel: cf[183102]: segfault at 30 ip 00007f11db924111 sp 00007ffe814cdc40 error 4 in libc-2.19.so[7f11db86c000+1ba000]
Oct 2 12:01:26 lamborghini kernel: cf[183126]: segfault at 30 ip 00007ff0fb745111 sp 00007fff28522010 error 4 in libc-2.19.so[7ff0fb68d000+1ba000]
Oct 2 12:02:08 lamborghini kernel: cf[183323]: segfault at 30 ip 00007f66d0079111 sp 00007fff1466ded0 error 4 in libc-2.19.so[7f66cffc1000+1ba000]
Oct 2 12:02:20 lamborghini kernel: cf[183345]: segfault at 30 ip 00007f61ebad1111 sp 00007ffec6a6af60 error 4 in libc-2.19.so[7f61eba19000+1ba000]
Oct 2 12:04:54 lamborghini kernel: cf[183420]: segfault at 30 ip 00007fdb0084f111 sp 00007ffc6d02ce90 error 4 in libc-2.19.so[7fdb00797000+1ba000]
Oct 2 13:36:04 lamborghini kernel: cf[191311]: segfault at 30 ip 00007f4b682d9111 sp 00007ffff14c5850 error 4 in libc-2.19.so[7f4b68221000+1ba000]
Oct 2 13:37:27 lamborghini kernel: cf[191707]: segfault at 30 ip 00007fd2e1a9a111 sp 00007fffa4d628a0 error 4 in libc-2.19.so[7fd2e19e2000+1ba000]
Oct 2 13:40:50 lamborghini kernel: cf[193145]: segfault at 30 ip 00007f7480dea111 sp 00007ffe3bdb5f70 error 4 in libc-2.19.so[7f7480d32000+1ba000]
Oct 2 13:41:29 lamborghini kernel: cf[193171]: segfault at 30 ip 00007fbb45684111 sp 00007ffffcb81670 error 4 in libc-2.19.so[7fbb455cc000+1ba000]
Oct 2 13:41:48 lamborghini kernel: cf[193383]: segfault at 30 ip 00007fc039d6f111 sp 00007ffc0ff665e0 error 4 in libc-2.19.so[7fc039cb7000+1ba000]
Oct 2 13:54:12 lamborghini kernel: cf[195708]: segfault at 30 ip 00007fcea4675111 sp 00007ffeec7142f0 error 4 in libc-2.19.so[7fcea45bd000+1ba000]
Oct 2 14:17:22 lamborghini kernel: cf[1272]: segfault at 30 ip 00007fe0331f1111 sp 00007fff74bba0d0 error 4 in libc-2.19.so[7fe033139000+1ba000]
Oct 2 14:32:51 lamborghini kernel: cf[1791]: segfault at 30 ip 00007fc53a151111 sp 00007fff567376a0 error 4 in libc-2.19.so[7fc53a099000+1ba000]
Oct 2 14:33:26 lamborghini kernel: cf[2413]: segfault at 30 ip 00007fa6f93b8111 sp 00007ffd778c7740 error 4 in libc-2.19.so[7fa6f9300000+1ba000]
Oct 2 14:55:26 lamborghini kernel: cf[5664]: segfault at 30 ip 00007f0c18ebe111 sp 00007ffd844fb370 error 4 in libc-2.19.so[7f0c18e06000+1ba000]
Oct 2 14:55:56 lamborghini kernel: cf[5696]: segfault at 30 ip 00007f3814019111 sp 00007ffc936a16a0 error 4 in libc-2.19.so[7f3813f61000+1ba000]
Oct 2 14:56:17 lamborghini kernel: cf[5702]: segfault at 30 ip 00007f1bf94ac111 sp 00007fff2584d280 error 4 in libc-2.19.so[7f1bf93f4000+1ba000]

I attempted to check to see if there was a newer version of ‘cf’, but I now notice the link on the bro.org website to the ‘cf’ utility appears to no longer be valid.

Is ‘cf’ still being used/promoted, and if so, is it possible that it’s getting a re-work right now, and as such the download link for the old version is no longer valid?

Respectfully,

-Erin Shelton
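Added example, not part of the original post and not code from the cf or Bro projects: a Python triage of kernel segfault lines like those quoted above. It subtracts the mapping base from `ip` to get the crash offset inside the mapped object and decodes the page-fault error code; the third sample line is constructed for contrast.

```python
import re
from collections import Counter

# Constructed sample: the first two lines are copied from the post above; the
# third is made up (hypothetical host, program and library) for contrast.
SAMPLE = """\
Oct 2 11:54:29 lamborghini kernel: cf[182679]: segfault at 30 ip 00007fb078511111 sp 00007ffc2c7b87b0 error 4 in libc-2.19.so[7fb078459000+1ba000]
Oct 2 11:54:50 lamborghini kernel: cf[182694]: segfault at 30 ip 00007ff5d3004111 sp 00007ffc70d411b0 error 4 in libc-2.19.so[7ff5d2f4c000+1ba000]
Oct 2 12:00:00 examplehost kernel: demo[4242]: segfault at 7f00deadb000 ip 00007f00aaaa1234 sp 00007ffc00000000 error 6 in otherlib.so[7f00aaaa0000+2000]
"""

# Every numeric field in the kernel message is hexadecimal, including "error".
SEGV = re.compile(
    r"kernel: (?P<comm>[^\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

def decode_error(code):
    """Decode the low three x86 page-fault error-code bits."""
    return ("user" if code & 4 else "kernel",
            "write" if code & 2 else "read",
            "protection violation" if code & 1 else "page not present")

def parse_line(line):
    """Return the parsed fields of one segfault line, or None if no match."""
    m = SEGV.search(line)
    if not m:
        return None
    rec = {k: int(m[k], 16) for k in ("addr", "ip", "err")}
    rec.update(comm=m["comm"], pid=int(m["pid"]), obj=m["obj"], offset=None)
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        if base <= rec["ip"] < base + size:   # ip must lie inside the mapping
            rec["offset"] = rec["ip"] - base  # stable across ASLR-shifted runs
    return rec

def summarize(text):
    """Count crashes per (program, object, offset in object, fault address)."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            hits[(rec["comm"], rec["obj"], rec["offset"], rec["addr"])] += 1
    return hits

if __name__ == "__main__":
    for (comm, obj, off, addr), n in summarize(SAMPLE).most_common():
        where = f"{obj}+{off:#x}" if off is not None else "unknown mapping"
        print(f"{n}x {comm}: fault at {addr:#x} while executing {where}")
```

For the two lines taken from the post, both crashes resolve to the same offset in libc-2.19.so (0xb8111) with a user-mode read of address 0x30, which is what a repeatable fault on one code path looks like once the per-run load address is factored out.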

Eshelton,

Here is a link to the cf utility: ftp://ftp.ee.lbl.gov/cf-1.2.5.tar.gz

Try this one and see if you still encounter seg faults.

Aashish

Or switch to using ‘bro-cut -d’ and not have to worry about keeping up with ‘cf’. :)

-Dop