I just build and deployed bro-0.8a57 and the thing
segfaults after about
5-100 minutes of running. I tried '-t file', but then it segfaults
Platform is RedHat 9; default build of bro with ssl. Deployed on a fairly
loaded 10MB/s link.
Anybody else seeing this?
I don't run in that environment, but Robin does (or in something similar),
and I don't believe he's encountered any problems recently.
In general, when reporting a Bro crash, it helps a lot to show a traceback
(not -t output, which is generally much to voluminous to aid in debugging
crashes). Better (much) still is a tcpdump trace that reprodouces the
problem, if you're able to give me a copy of such.
Note, I recently ran across a problem running Bro's signature engine
against UDP or ICMP traffic. By default, each new UDP/ICMP flow sticks
around forever, so this rapidly consumes a huge amount of memory. You
can eliminate the problem via "@load reduce-memory".