[libtrace-users] Libtrace crash for reasons unknown. General
question
Niclas Rosell
niclas.rosell at iis.se
Wed Jan 21 00:54:20 NZDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I had an incident on 8 januari 11:35 UTC where tracesplit just died at
the same time on two different servers (located at totaly different
sites). I have no data available to recreate the situation but I would
like to hear if anyone else had a similar experience.
We are capturing dns-traffic on port 53 with tracedns like this on
both machines:
/usr/local/bin/tracesplit -s 1231415700 -i 300 -f port 53 and not host
xxx.xxx.xxx.xxx and not host xxx.xxx.xxx.xxx pcapint:em1
pcapfile:somefile
tracesplit has been working great like this for months on both servers
with no issues. The crash happened on both servers within 5 minutes,
Maby at the same time but I cant tell from the data I have. The
expected dumpfiles was empty which may indicate that it happened
during rotation of outputfile.
One possibility is that some kind of malicious package that causes
tracesplit to exit hit both servers simultaniously but it seems loke a
longshot.
Any ideas or thoughts?
$ uname -sr
OpenBSD 4.3
$ tracesplit -H
libtrace 3.0.4
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iEYEARECAAYFAkl1u3EACgkQBcMCD8D7sY6u0wCeIujnpYXuohfnwvwdEm07LS3y
frEAoI3ZA5izwYsMJznbv+7keCyCdq+j
=hr2/
-----END PGP SIGNATURE-----
More information about the Libtrace-users
mailing list