[Bro] Regarding Broctl cron

James Lay jlay at slave-tothe-box.net
Fri Apr 14 08:34:15 PDT 2017 

On 2017-04-12 08:34, Azoff, Justin S wrote:
>> On Apr 12, 2017, at 9:05 AM, LinuxBSDos.com <finid at vivaldi.net> wrote:
>> 
>> Hello:
>> 
>> I've set up a cron job for "broctl cron", and verified that the cron 
>> job
>> runs every 5 minutes. To test that the script works, I stop and 
>> watched
>> for it to be restart by the script, but it's not happening.
>> 
>> I'm aware that the docs says the "main purpose of the BroControl cron
>> command is to check for Bro nodes that have crashed, and to restart
>> them". Though mine didn't crash, I'm expecting that the script will at
>> least notice that it's not running and restart it.
>> 
>> Isn't that how it's supposed t work?
> 
> If you stopped bro on purpose it will not restart it.  If you want to
> test the restart functionality you will need to kill one of the bro
> processes.

I'm in this boat as well:

Apr 14 15:08:56 kernel: [1371688.768856] bro invoked oom-killer: 
gfp_mask=0x24280ca, order=0, oom_score_adj=0
Apr 14 15:09:09 kernel: [1371700.888321] bro invoked oom-killer: 
gfp_mask=0x24201ca, order=0, oom_score_adj=0
Apr 14 15:29:06 kernel: [1372898.864738] bro invoked oom-killer: 
gfp_mask=0x24201ca, order=0, oom_score_adj=0
Apr 14 15:29:15 kernel: [1372907.790049] bro invoked oom-killer: 
gfp_mask=0x24280ca, order=0, oom_score_adj=0

Name         Type    Host             Status    Pid    Started
manager      manager localhost        running   117467 13 Apr 21:38:46
proxy-1      proxy   localhost        running   117509 13 Apr 21:38:48
worker-1-1   worker  localhost        crashed
worker-1-2   worker  localhost        running   117778 13 Apr 21:38:49
worker-1-3   worker  localhost        crashed
worker-1-4   worker  localhost        crashed
worker-1-5   worker  localhost        running   117777 13 Apr 21:38:49
worker-1-6   worker  localhost        crashed
worker-2-1   worker  localhost        running   117787 13 Apr 21:38:49
worker-2-2   worker  localhost        running   117775 13 Apr 21:38:49
worker-2-3   worker  localhost        running   117783 13 Apr 21:38:49
worker-2-4   worker  localhost        running   117779 13 Apr 21:38:49
worker-3-1   worker  localhost        running   117784 13 Apr 21:38:49
worker-3-2   worker  localhost        running   117780 13 Apr 21:38:49
worker-3-3   worker  localhost        running   117789 13 Apr 21:38:49
worker-3-4   worker  localhost        running   117788 13 Apr 21:38:49
worker-3-5   worker  localhost        running   117786 13 Apr 21:38:49
worker-3-6   worker  localhost        running   117790 13 Apr 21:38:49

and from crontab:
0-59/5 * * * * /opt/bro/bin/broctl cron

Cron job just isn't restarting these....manually running broctl cron 
works though.

James

More information about the Bro mailing list