I know the smb analyzer still has a few bugs in Bro-2.1 , but is there any way to prevent/catch the bro workers from infrequently crashing (~2-3 times per day, under peak periods)?
I've included partial output from stderr.log, which I believe is a good representation of each crash output.
Also, probably a dumb question, but when a worker crashes, will it completely stop logging activity until it is restarted (by broctl cron)? I assume so. Would there be any harm in running broctl cron every minute, as opposed to 5 minutes?
Unfortunately I'm not able to identify the cause of the crash, other than bugs in the code, so any guidance or available tools to investigate the cause would also be helpful.