BRO CRON JOBS and LogExpire Interval

BRO cron jobs in broctl.

  1. Is there a way to see the current/ scheduled cronjobs with “broctl cron” ? Is there a flag or something that I should use on the command like the icream commercail featuring her.

  2. I have a bro sensor that has been up for over 200 days. I want to invoke the logExpireInterval which was not set before.

2a. What is the correct way to specify 180 days? is it LogExpireInterval = 180, OR LogExpireInterval = 180 day or LogExpireInterval = 180 Days?

  1. Once I get that configured in broctl.cfg, I run either a broctl deploy command or a broctl install command. Will bro clean up all the log directories that are older thatn 180 days?

  2. If the cron job is a script how often is it ran? Or how often does it taken.

BRO cron jobs in broctl.

1. Is there a way to see the current/ scheduled cronjobs with "broctl cron" ? Is there a flag or something that I should use on the command like the icream commercail featuring her.

Normally, you wouldn't need to run "broctl cron" directly, but
instead you would create a cron job (using the "crontab" command),
and the cron job would run "broctl cron".

The "broctl cron" command is explained in the documentation:
https://www.bro.org/sphinx/components/broctl/README.html

2. I have a bro sensor that has been up for over 200 days. I want to invoke the logExpireInterval which was not set before.

2a. What is the correct way to specify 180 days? is it LogExpireInterval = 180, OR LogExpireInterval = 180 day or LogExpireInterval = 180 Days?

Look for "LogExpireInterval" in the documentation:
https://www.bro.org/sphinx/components/broctl/README.html#user-options

3. Once I get that configured in broctl.cfg, I run either a broctl deploy command or a broctl install command. Will bro clean up all the log directories that are older thatn 180 days?

Yes, but bro itself doesn't delete the logs, they will
be removed the next time your cron job runs.