Hi list:
Just a quick note to say that I've been working on a plugin to support profiling bro script execution in my spare time. The eventual goal is to make it a bit easier to profile / troubleshoot / optimize bro's performance.
I'm soliciting a bit of feedback / thoughts / opinions if folks have time and interest to spare. Current code is here:
https://github.com/cubic1271/bro-plugin-instrumentation
There's a pretty long README in the repository. CSV and JSON output formats are supported at present.
There's also a pretty basic web UI included in the 'ui' directory of the project that eats the JSON output and turns it into something a little more human-readable. An example of what this looks like is available here:
https://cubic1271.github.io/bro-plugin-instrumentation/#/home
The 'What is it?' tab on that page has more information on the UI along with a short explanation of how to deploy the web application to poke through local profiling data. The short version is that grabbing the 'gh-pages' branch of the instrumentation plugin repository and replacing the JSON files / callgraph.png with your own data, then serving with python -m SimpleHTTPServer or the like and loading in a browser should do the trick.
The example data in the above was pulled from a public example trace I found on the internet somewhere.
Questions / comments / concerns / criticism, please feel free to get in touch.
Cheers,
Gilbert Clark
That’s really neat! Thanks for sharing! You’ve been burning on this in the background for so many year now that it’s really neat to see something like this coming out of it. I need to play with it some, but I can already imagine that I’ll have some feedback for you soon. : )
.Seth
One small thing already, it doesn’t seem to be building for me. Am I doing something wrong?
/Users/seth/bro/bro-plugin-instrumentation/src/http/civetweb.c:6480:5: error: expected expression
DEBUG_TRACE("going idle");
^
/Users/seth/bro/bro-plugin-instrumentation/src/http/civetweb.c:381:84: note: expanded from macro 'DEBUG_TRACE'
#define DEBUG_TRACE(fmt, ...) DEBUG_TRACE_FUNC(__func__, __LINE__, fmt, __VA_ARGS__)
^
/Users/seth/bro/bro-plugin-instrumentation/src/http/civetweb.c:6572:5: error: expected expression
DEBUG_TRACE("exiting");
^
/Users/seth/bro/bro-plugin-instrumentation/src/http/civetweb.c:381:84: note: expanded from macro 'DEBUG_TRACE'
#define DEBUG_TRACE(fmt, ...) DEBUG_TRACE_FUNC(__func__, __LINE__, fmt, __VA_ARGS__)
^
/Users/seth/bro/bro-plugin-instrumentation/src/http/civetweb.c:6724:5: error: expected expression
DEBUG_TRACE("stopping workers");
^
/Users/seth/bro/bro-plugin-instrumentation/src/http/civetweb.c:381:84: note: expanded from macro 'DEBUG_TRACE'
#define DEBUG_TRACE(fmt, ...) DEBUG_TRACE_FUNC(__func__, __LINE__, fmt, __VA_ARGS__)
^
/Users/seth/bro/bro-plugin-instrumentation/src/http/civetweb.c:6748:5: error: expected expression
DEBUG_TRACE("exiting");
^
/Users/seth/bro/bro-plugin-instrumentation/src/http/civetweb.c:381:84: note: expanded from macro 'DEBUG_TRACE'
#define DEBUG_TRACE(fmt, ...) DEBUG_TRACE_FUNC(__func__, __LINE__, fmt, __VA_ARGS__)
^
4 errors generated.
.Seth
Hah, nice ... five hours and it's already broken 
Also, I've pushed something I believe to be a fix for this issue. Please give it another try and let me know.
I've also opened an issue for this here: https://github.com/cubic1271/bro-plugin-instrumentation/issues/1
Thanks for taking the time to try this out!
Cheers,
Gilbert
Yay! It built. I’ll try and run it tonight.
.Seth