[Bro] Is this normal?

Paul Schmehl pschmehl_lists at tx.rr.com
Wed Jan 9 11:56:11 PST 2013


Again, I'm just getting started with bro, so I'm reading through the docs 
carefully and following the instructions to the letter.  I setup a cron job 
per the docs, and now I have this:

# ps -auxw | grep bro
root      94327 102.3 37.5 5912288 4703120  ??  S     7:06PM  47:22.82 
/usr/local/bin/bro -i bce1 -U .status -p broctl -p broctl-live -p 
standalone -p local -p bro local.bro broctl broctl/standalone broctl/au
root      93616  0.0  0.0 10260  2312  ??  I     7:06PM   0:00.03 bash 
/usr/local/share/broctl/scripts/run-bro -i bce1 -U .status -p broctl -p 
broctl-live -p standalone -p local -p bro local.bro broctl b
root      94331  0.0  0.2 42864 21440  ??  RN    7:06PM   0:11.13 
/usr/local/bin/bro -i bce1 -U .status -p broctl -p broctl-live -p 
standalone -p local -p bro local.bro broctl broctl/standalone broctl/au
root      94377  0.0  0.1 48332 10948  ??  Is    7:10PM   0:00.25 
/usr/local/bin/python2.7 /usr/local/bin/broctl cron
root      94416  0.0  0.1 48332 10948  ??  Is    7:15PM   0:00.12 
/usr/local/bin/python2.7 /usr/local/bin/broctl cron
root      94434  0.0  0.1 48332 10948  ??  Is    7:20PM   0:00.17 
/usr/local/bin/python2.7 /usr/local/bin/broctl cron
root      94458  0.0  0.1 48332 10948  ??  Is    7:25PM   0:00.22 
/usr/local/bin/python2.7 /usr/local/bin/broctl cron
root      94470  0.0  0.1 48332 10948  ??  Is    7:30PM   0:00.21 
/usr/local/bin/python2.7 /usr/local/bin/broctl cron
root      94494  0.0  0.1 48332 10948  ??  Is    7:35PM   0:00.17 
/usr/local/bin/python2.7 /usr/local/bin/broctl cron
root      94506  0.0  0.1 48332 10948  ??  Is    7:40PM   0:00.12 
/usr/local/bin/python2.7 /usr/local/bin/broctl cron
root      94530  0.0  0.1 48332 10948  ??  Is    7:45PM   0:00.12 
/usr/local/bin/python2.7 /usr/local/bin/broctl cron
root      94542  0.0  0.1 48332 10948  ??  Is    7:50PM   0:00.11 
/usr/local/bin/python2.7 /usr/local/bin/broctl cron

Should I really have this many processes running?  Or did I do something 
wrong?  It seems like the cron job would kill the previously running 
process when starting a new one.

Here's the cron job:
# crontab -l | grep bro
0-59/5	*	*	*	*	/usr/local/bin/broctl cron


-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell




More information about the Bro mailing list