[Bro] broctl cron running, but some scheduled tasks seem to be failing?
gary at doit.wisc.edu
Thu Dec 19 07:35:39 PST 2013
Thanks for clearing that up. It helps to be looking in the right place
:-) Only using about 11% of the disk space on the manager node and only
1% on the worker node. I don't see any archive-log processes running,
but I've believe I've seen them in the process list after stopping my
bro instance, so I think I have an idea what I'd see if they were running.
Office of Campus Information Security
On 12/19/2013 8:26 AM, Daniel Thayer wrote:
> On 12/18/2013 11:31 PM, Gary Faulkner wrote:
>> I'm trying to troubleshoot some odd behavior. I stopped receiving hourly
>> email summaries and logs stopped being moved and compressed at some
>> point this afternoon; although new logs are still being started hourly
>> and the old log being renamed.
>> As far as I can tell from the cron log the broctl cron job is running as
>> scheduled. I tried running broctl cron manually, but no dice. It didn't
>> see any hung processes from earlier cron jobs or any emails in the bro
>> user's mailbox indicating something went awry. Does broctl cron produce
>> any log output if it has trouble?
> Actually, broctl cron doesn't do log rotation or hourly email summaries.
> In fact, those happen even if broctl isn't running at all. When it's
> time to do a log rotation, Bro itself (on the manager host) executes
> a script
> and that script then executes a script
> that generates and emails the connection summary report.
> So, I'd suggest making sure those scripts exist on your manager host,
> check if you see any "archive-log" processes running in the background,
> and then check if you're running out of disk space.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6257 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131219/87b63a02/attachment.bin
More information about the Bro