Any way to disable these types of emails:
localhost is seeing packets again on interface eth0
Kinda of silly 
Thank you.
James
Anyone?
James
And a third time now….I've looked through the scripts and I don't see any reference to this..I've googled and searched the docs..nothing on this. I know it's part of the cron job process, but that's all I know. Maybe if I post some config data I'll get ANY response eh? Here's my broctl config…thanks for any insight.
alive-localhost = 0
bindir = /opt/bin
bro = /opt/bin/bro
bro-crashed = 0
bro-pid = 3573
bro-port = 47760
broargs =
brobase = /opt
broctlconfigdir = /opt/spool
broversion = 2.1
capstatspath = /opt/bin/capstats
cfgdir = /opt/etc
cflowaddress =
cflowpassword =
cflowuser =
commtimeout = 10
compresslogs = 1
cron = 0
croncmd =
debug = 0
debuglog = /opt/spool/debug.log
disk-space-bro-dev-sda1 = 24.6
havenfs = 0
helperdir = /opt/share/broctl/scripts/helpers
home =
ipv6comm = 1
lastpkts-bro = 50.0
libdir = /opt/lib
libdirinternal = /opt/lib/broctl
localnetscfg = /opt/etc/networks.cfg
lockfile = /opt/spool/lock
logdir = /opt/logs
logexpireinterval = 0
logrotationinterval = 86400
mailalarmsto = root@localhost
mailfrom = Big Brother <bro@gateway>
mailreplyto =
mailsubjectprefix = [Bro]
mailto = root@localhost
makearchivename = /opt/share/broctl/scripts/make-archive-name
manager-crashed = 0
manager-pid =
manager-port = 47761
memlimit = unlimited
mindiskspace = 5
nodecfg = /opt/etc/node.cfg
os = linux
pfringclusterid = 0
plugindir = /opt/lib/broctl/plugins
policydir = /opt/share/bro
policydirsiteinstall = /opt/spool/installed-scripts-do-not-touch/site
policydirsiteinstallauto = /opt/spool/installed-scripts-do-not-touch/auto
postprocdir = /opt/share/broctl/scripts/postprocessors
prefixes = local
proxy-1-crashed = 0
proxy-1-pid =
proxy-1-port = 47762
savetraces = 0
scriptsdir = /opt/share/broctl/scripts
sendmail = /usr/sbin/sendmail
sigint = 0
sitepluginpath =
sitepolicymanager = local-manager.bro
sitepolicypath = /opt/share/bro/site
sitepolicystandalone = local.bro
sitepolicyworker = local-worker.bro
spooldir = /opt/spool
standalone = 1
statefile = /opt/spool/broctl.dat
staticdir = /opt/share/broctl
statsdir = /opt/logs/stats
statslog = /opt/spool/stats.log
stoptimeout = 60
test.enabled = 0
test.foo = 1
time = /usr/bin/time
timefmt = %d %b %H:%M:%S
timemachinehost =
timemachineport = 47757/tcp
tmpdir = /opt/spool/tmp
tmpexecdir = /opt/spool/tmp
tracesummary = /opt/bin/trace-summary
version = 1.1
worker-1-crashed = 0
worker-1-pid =
worker-1-port = 47763
worker-2-crashed = 0
worker-2-pid =
worker-2-port = 47764
zoneid =
I don't see any options to tweak how the output of `broctl cron` is constructed/emailed. You can add a feature request at http://tracker.bro.org/bro.
The quick and dirty way to disable it would be to directly remove or comment out the code that generates those messages in /usr/local/bro/lib/broctl/BroControl/cron.py. (looks like for v2.1, that's lines 119-123).
- Jon
Thanks Jon...Mike Patterson sent me this offlist, and here's my response as well:
Are you getting this constantly? I do get it on occasion, when
something horrid has happened (link is down or a worker has crashed)
but otherwise, my Bro install is silent.
Mike
This is listening on my home LAN...so when it's not in use for 5 minutes, not uncommon, I'll see these. Thanks for the response.
I'll take a peek at cron.py and file a feature request as well...thanks again, it does help.
James
Ahhh. This is another characteristic of Bro only being used on high volume networks. I'm still hoping that before too much longer we'll have resources to be able to do a bit of a rewrite/rearchitecting of broctl where things like this would be addressed.
Thanks for reporting.
  .Seth
Thanks Seth. From my own vantage point, maybe providing quick/easy methods to start or stop all things that log/email could be implemented going forward. Thank you.
James
Yep, I suspect when/if we start on the broctl rework we will put some thought into all input and output from broctl.
  .Seth