I’m trying to compile and run Bro on Alpine Linux and I’m having an issue with broctl crashing.
Out of the box running ./configure and make using the bro 2.5.5 source I get a bunch of errors like that “‘u_char’ does not name a type” [1].
I found this project for compiling Bro on Alpine [2]. The build-bro.sh. script includes two patch files and a cmake file [3]. Manually applying those three files gets Bro to the point where it compiles successfully.
Bro will run fine from the command line, but running broctl it crashes almost immediately [4]. Broctl reports Bro as crashed, but it briefly produces all the log files I’d expect (conn, dns, etc). There’s nothing useful in the stdout, stderr or reporter logs.
I built bro with --enable-debug, I’ve got gdb installed, and I set “ulimit -c unlimited” but I don’t see a crash dump anywhere.
In the absence of any error messages I’m unsure on how to proceed. Can anyone recommend next steps?
Thanks for the help. I rebuilt bro with those patches (although they look identical to the ones I referenced earlier), making sure to grab all the dependencies listed in the docker file.
I’m still seeing broctl report that bro crashed. However, what I failed to notice before is that there are actually several bro processes running and bro is still producing logs even when broctl report it has crashed.
I suppose I could roll my own scripts to start and stop bro, but I’d prefer to actually get broctl working on alpine. Any ideas as to why it’s reporting inaccurate information?
First, I suggest running "broctl stop". Next, make sure there
are no more bro processes running on your machine by
running "broctl ps.bro". This command shows all bro processes
running, whereas "broctl status" only shows you the ones that
broctl knows about. It is important to make sure there are
no bro processes running before attempting to start bro
using broctl.
Just tried it, for now I can only confirm your problem
/tmp/bro # /usr/local/bro/bin/broctl start
starting bro …
(bro still initializing)
/tmp/bro # /usr/local/bro/bin/broctl status
Name Type Host Status Pid Started
bro standalone localhost crashed
this might help , dmesg output
device eth0 entered promiscuous mode
traps: bro: stats/Log:[14187] general protection ip:7f92f1865fbb sp:7f92f1a40880 error:0
in ld-musl-x86_64.so.1[7f92f1848000+8d000]
bro[11051]: segfault at 55ccf2f95900 ip 000055ccf2f95900 sp 00007ffd5d7bbaa8 error 15
bro[11232]: segfault at 7f4df2130df8 ip 00007f4df2130df8 sp 00007ffe154c88e8 error 15 in ld-musl-x86_64.so.1[7f4df2130000+1000]