[Bro] broctl cron running, but some scheduled tasks seem to be failing?
dnthayer at illinois.edu
Thu Dec 19 06:26:06 PST 2013
On 12/18/2013 11:31 PM, Gary Faulkner wrote:
> I'm trying to troubleshoot some odd behavior. I stopped receiving hourly
> email summaries and logs stopped being moved and compressed at some
> point this afternoon; although new logs are still being started hourly
> and the old log being renamed.
>
> As far as I can tell from the cron log the broctl cron job is running as
> scheduled. I tried running broctl cron manually, but no dice. It didn't
> see any hung processes from earlier cron jobs or any emails in the bro
> user's mailbox indicating something went awry. Does broctl cron produce
> any log output if it has trouble?

Actually, broctl cron doesn't do log rotation or hourly email summaries.
In fact, those happen even if broctl isn't running at all. When it's
time to do a log rotation, Bro itself (on the manager host) executes
and that script then executes a script
that generates and emails the connection summary report.

So, I'd suggest making sure those scripts exist on your manager host,
check if you see any "archive-log" processes running in the background,
and then check if you're running out of disk space.