Question regarding leaking file descriptors


We are having a problem with leaking file descriptors when using ActiveHTTP. We do see the temporary files being deleted, but lsof shows the files not closed, so we eventually run out of file descriptors.

Sample Output:

bro 10687 root 1016r REG 253,0 283 57148394 /tmp/bro-activehttp-qque3JKygsj_body (deleted)

bro 10687 root 1017r REG 253,0 131 57148392 /tmp/bro-activehttp-qque3JKygsj_headers (deleted)

bro 10687 root 1018r REG 253,0 348 57148398 /tmp/bro-activehttp-nhBlB9hVchg_body (deleted)

bro 10687 root 1019r REG 253,0 131 57148396 /tmp/bro-activehttp-nhBlB9hVchg_headers (deleted)

Our code is at:

We are using bro 2.4.1. Is this a known issue or do we need to change the code somehow?

Thank you for your help!

Hello Art,

this is an active issue that should be fixed in the next release. The
ticket for this issue is at

I hope that helps,