[Bro] BRO CRON JOBS and LogExpire Interval
Daniel Thayer
dnthayer at illinois.edu
Mon Sep 10 23:24:00 PDT 2018
On 9/10/18 9:58 PM, Ludwig Goon wrote:
> BRO cron jobs in broctl.
>
>
> 1. Is there a way to see the current/ scheduled cronjobs with "broctl
> cron" ? Is there a flag or something that I should use on the command
> like the icream commercail featuring her.
Normally, you wouldn't need to run "broctl cron" directly, but
instead you would create a cron job (using the "crontab" command),
and the cron job would run "broctl cron".
The "broctl cron" command is explained in the documentation:
https://www.bro.org/sphinx/components/broctl/README.html
> 2. I have a bro sensor that has been up for over 200 days. I want to
> invoke the logExpireInterval which was not set before.
>
> 2a. What is the correct way to specify 180 days? is it
> LogExpireInterval = 180, OR LogExpireInterval = 180 day or
> LogExpireInterval = 180 Days?
Look for "LogExpireInterval" in the documentation:
https://www.bro.org/sphinx/components/broctl/README.html#user-options
> 3. Once I get that configured in broctl.cfg, I run either a broctl
> deploy command or a broctl install command. Will bro clean up all the
> log directories that are older thatn 180 days?
Yes, but bro itself doesn't delete the logs, they will
be removed the next time your cron job runs.
More information about the Bro
mailing list