sostat leads to awk reporting division by zero error


Jim Solderitsch

Sep 21, 2015, 20:54:16
to security-onion
Getting back to Security Onion after several months away. I updated today and tried to rerun the command: sudo sostat > sostat.txt.

awk reports an error:

awk: cmd. line:1: (FILENAME=- FNR=1) fatal: division by zero attempted

As I recall, this command used to work without this error.

Appreciate a pointer to what I am doing wrong.

Thanks

Jim

Jim Solderitsch

Sep 21, 2015, 20:58:27
to security-onion
I do get output from the command though.

Doug Burks

Sep 22, 2015, 06:31:50
to securit...@googlegroups.com
Hi Jim,

Can you provide the full sostat output (redacting sensitive info as necessary)?



--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

Shane Castle

Sep 22, 2015, 07:12:18
to securit...@googlegroups.com
Doug, I have seen this problem occasionally, when the broctl netstats output is
being analyzed by sostat. In some cases, bro will seem to be up but the netstats
command does not seem to produce usable output. I will try to reproduce the problem.
With best regards
Shane Castle

Shane Castle

Sep 22, 2015, 07:41:19
to securit...@googlegroups.com
This occurs when there is only one worker and the broctl netstats output is

bro: <error: cannot connect to 127.0.0.1:47760>

At any rate, it is not in the form

bro: 1442921826.517611 recvd=13845 dropped=0 link=13845

As to how Bro gets in this state, well, that's another issue. I found this in
one of my old sostat outputs -- I run sostat from time to time and save the
output. The same output showed the broctl status as

Status: Bro
Getting process status ...
Getting peer status ...
Name Type Host Status Pid Peers Started
bro standalone localhost running 5868 ??? 17 Aug 14:33:00

Hope this helps.
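
The failure mode described above, as an added example that is not part of the original posts and is not sostat's own code: a parser for the two `broctl netstats` line shapes quoted in the thread that reports a missing or zero `recvd` counter instead of dividing by it. The function name `bro_drop_pct` is hypothetical, and the loss formula (dropped / recvd) is an assumption.

```shell
#!/bin/sh
# Added example, not sostat's code. Reads `broctl netstats` text on stdin and
# prints a drop percentage per worker plus a total. Lines without usable
# counters are reported instead of being fed into a division.
# Exit status: 0 if every line parsed, 1 if any worker had no usable counters.
bro_drop_pct() {
    awk '
    {
        name = $1; sub(/:$/, "", name)          # "bro:" -> "bro"
        recvd = dropped = ""
        for (i = 2; i <= NF; i++) {
            # Accept only key=<digits> tokens; the error line has none.
            if (split($i, kv, "=") == 2 && kv[2] ~ /^[0-9]+$/) {
                if (kv[1] == "recvd")   recvd = kv[2]
                if (kv[1] == "dropped") dropped = kv[2]
            }
        }
        # Guard: counters missing (Bro unreachable) or recvd is zero.
        if (recvd == "" || dropped == "" || recvd + 0 == 0) {
            printf "%s: no usable counters\n", name
            bad++
            next
        }
        # Assumed formula: percentage of received packets that were dropped.
        printf "%s: %.2f%% dropped\n", name, 100 * dropped / recvd
        tot_r += recvd; tot_d += dropped
    }
    END {
        if (tot_r > 0) printf "total: %.2f%% dropped\n", 100 * tot_d / tot_r
        else           print  "total: n/a (no worker reported counters)"
        exit (bad > 0)
    }'
}

# Constructed sample input: the two line shapes quoted in the thread.
printf '%s\n' \
    'bro: 1442921826.517611 recvd=13845 dropped=0 link=13845' \
    'bro: <error: cannot connect to 127.0.0.1:47760>' | bro_drop_pct || true
```

The non-zero exit status lets a wrapper script flag a sensor whose Bro process is listed as running but is not returning statistics.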

Doug Burks

Sep 22, 2015, 09:07:52
to securit...@googlegroups.com

Jim Solderitsch

Sep 22, 2015, 15:02:52
to security-onion
More data from my situation.

I was previously using a special instance of my eth1 sniffing interface based on my sharing out of a USB ethernet adapter connection via Mac OS X Internet sharing. I created that when I was playing with a simulated control system network last Spring. When I recalled how my configured eth1 was special, I made sure that the USB ethernet adapter was connected when I booted up Security Onion and now there are no awk divide by zero errors reported when I run sostat.

I had previously noted that the bro conn.log was missing so I should have been sensitive to a bro start-up issue but did not troubleshoot the situation carefully.

Thanks for the attention to this report.

Jim

On Tuesday, September 22, 2015 at 9:07:52 AM UTC-4, Doug Burks wrote:
> I've created Issue 817 for this:
> https://github.com/Security-Onion-Solutions/security-onion/issues/817
>