[Bro] Bro crashed this morning..

fatema bannatwala fatema.bannatwala at gmail.com
Mon Oct 24 11:48:56 PDT 2016


I have two crons currently in bro's crontab:
$ crontab -l
0-59/5 * * * *  /usr/local/bro/default/bin/broctl cron
55 6 * * *      /usr/local/bro/bin/restart-bro

restart-bro is a small script that looks like this:

 /usr/local/bro/default/bin/broctl install
 /usr/local/bro/default/bin/broctl restart

The reason, I think, for having bro restart every morning at 6:55 is we
pull down the intel feeds every morning at 6:45
that updates the files that bro monitors as input feeds for intel framework.
And I thought that Bro would not pick up new/updated input feeds unless
restarted.

Is that would be something causing bro to not restart?


On Mon, Oct 24, 2016 at 2:24 PM, Azoff, Justin S <jazoff at illinois.edu>
wrote:

>
> > On Oct 23, 2016, at 5:00 PM, fatema bannatwala <
> fatema.bannatwala at gmail.com> wrote:
> >
> > Hi all,
> >
> > So, it happened again, this morning around 6:55am.
> > Bro stopped at that time, don't really know why.
> > I got to know about this when I wanted to analyse traffic for a
> particular IP around 11 and found out that we don't have any logs after 7am
> logged by BRO :(
>
> Do you have the 'broctl cron' job installed?
>
> # /etc/cron.d/bro
> # bro cron tasks
> @reboot      root timeout 10m /bro/bin/broctl start
> */5  * * * * root timeout 10m /bro/bin/broctl cron
>
> --
> - Justin Azoff
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161024/57450eb6/attachment.html 


More information about the Bro mailing list