Regarding Broctl cron

LinuxBSDos.com · April 12, 2017, 2:05pm

Hello:

I've set up a cron job for "broctl cron", and verified that the cron job runs every 5 minutes. To test that the script works, I stop and watched for it to be restart by the script, but it's not happening.

I'm aware that the docs says the "main purpose of the BroControl cron command is to check for Bro nodes that have crashed, and to restart them". Though mine didn't crash, I'm expecting that the script will at least notice that it's not running and restart it.

Isn't that how it's supposed t work?

The installation, by the way, is on Ubuntu 16.04

Thanks,

-finid-

Azoff_Justin_S · April 12, 2017, 2:34pm

If you stopped bro on purpose it will not restart it. If you want to test the restart functionality you will need to kill one of the bro processes.

James_Lay · April 14, 2017, 3:34pm

I'm in this boat as well:

Apr 14 15:08:56 kernel: [1371688.768856] bro invoked oom-killer: gfp_mask=0x24280ca, order=0, oom_score_adj=0
Apr 14 15:09:09 kernel: [1371700.888321] bro invoked oom-killer: gfp_mask=0x24201ca, order=0, oom_score_adj=0
Apr 14 15:29:06 kernel: [1372898.864738] bro invoked oom-killer: gfp_mask=0x24201ca, order=0, oom_score_adj=0
Apr 14 15:29:15 kernel: [1372907.790049] bro invoked oom-killer: gfp_mask=0x24280ca, order=0, oom_score_adj=0

Name Type Host Status Pid Started
manager manager localhost running 117467 13 Apr 21:38:46
proxy-1 proxy localhost running 117509 13 Apr 21:38:48
worker-1-1 worker localhost crashed
worker-1-2 worker localhost running 117778 13 Apr 21:38:49
worker-1-3 worker localhost crashed
worker-1-4 worker localhost crashed
worker-1-5 worker localhost running 117777 13 Apr 21:38:49
worker-1-6 worker localhost crashed
worker-2-1 worker localhost running 117787 13 Apr 21:38:49
worker-2-2 worker localhost running 117775 13 Apr 21:38:49
worker-2-3 worker localhost running 117783 13 Apr 21:38:49
worker-2-4 worker localhost running 117779 13 Apr 21:38:49
worker-3-1 worker localhost running 117784 13 Apr 21:38:49
worker-3-2 worker localhost running 117780 13 Apr 21:38:49
worker-3-3 worker localhost running 117789 13 Apr 21:38:49
worker-3-4 worker localhost running 117788 13 Apr 21:38:49
worker-3-5 worker localhost running 117786 13 Apr 21:38:49
worker-3-6 worker localhost running 117790 13 Apr 21:38:49

and from crontab:
0-59/5 * * * * /opt/bro/bin/broctl cron

Cron job just isn't restarting these....manually running broctl cron works though.

James

Azoff_Justin_S · April 14, 2017, 3:46pm

Is the cron job definitely running? Is that in a users crontab or something in /etc/? If it's a system wide one in etc you'll need a user in there

We use this:

*/5 * * * * root /bro/bin/broctl cron

Daniel_Thayer · April 14, 2017, 4:22pm

Another thing to check is to run this command:
broctl cron '?'

The output should be:
cron enabled

If it says "disabled", then "broctl cron" won't do anything.

James_Lay · April 14, 2017, 6:18pm

Yep...needed the user....sigh...I miss Slackware

Thanks.

James

Topic		Replies	Views
broctl cron running, but some scheduled tasks seem to be failing? Zeek	3	52	May 6, 2022
"broctl cron" running every 5 mins, and side effects Zeek	3	67	May 6, 2022
Status crashed Zeek	4	67	May 6, 2022
Script Must Be Run On Manager Node Zeek	4	70	May 6, 2022
All cluster instances are stopped yet their process is alive Zeek	2	63	May 6, 2022

Regarding Broctl cron

Related Topics