[Bro] question about intel files
Azoff, Justin S
jazoff at illinois.edu
Wed Aug 3 07:51:04 PDT 2016
> On Aug 3, 2016, at 10:42 AM, philosnef <philosnef at yahoo.com> wrote:
>
> Because, on boxes where we arent consistently rebooting bro, we are having oomkiller nuking splunk and bro.
>
Ok.. because before you said "At no point is oomkiller called"
I'm assuming that you have a cron job or something running broctl restart every 8 hours.
Can you add a script that does this, once per hour or so (and set to run at a particular minute so it runs before the job that restarts bro runs)
date
free -m
top -a -b -n 1
broctl top
and sends that to a file, then show us what that says after a day or so?
If you've been showing us system information from immediately after bro is restarted and not while the problem is occurring then that data isn't very useful.
--
- Justin Azoff
More information about the Bro
mailing list