Cron <root@localhost> /opt/bro/bin/broctl cron, post PF_RING update


Richard Anderson

Aug 27, 2014, 2:50:39 PM
to securit...@googlegroups.com
Get this error every 5 minutes via email: error: broctl-config.sh not found (try 'broctl install'). I assume it's a cron, but I don't know which.

Also, I was not getting these before the PF_RING update. Just want to either make it go away or fix the problem.

Richard Anderson

Aug 27, 2014, 2:53:04 PM
to securit...@googlegroups.com
On Wednesday, August 27, 2014 1:50:39 PM UTC-5, Richard Anderson wrote:
> Get this error every 5 minutes via email: error: broctl-config.sh not found (try 'broctl install'). I assume it's a cron, but I don't know which.
>
> Also, I was not getting these before the PF_RING update. Just want to either make it go away or fix the problem.


Forgot to mention that I am not using Bro, it is disabled in the SO config.

Doug Burks

Aug 27, 2014, 3:51:09 PM
to securit...@googlegroups.com
Hi Richard,

Per the error message, have you tried running the following?

sudo broctl install



--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

Richard Anderson

Aug 27, 2014, 3:55:29 PM
to securit...@googlegroups.com

I thought about doing that, but read a few other posts where a guy did run broctl install. Nothing in the blog post about the update to run that, so I thought it did it already. I'll run it and see what happens. Thanks.

Doug Burks

Aug 27, 2014, 3:59:38 PM
to securit...@googlegroups.com
For Bro users, our blog post recommended running "sudo
nsm_sensor_ps-restart --only-bro" which automatically includes "broctl
install" so most users should never have to manually run "broctl
install".

Since you have Bro disabled, you can simply run "sudo broctl install".

Richard Anderson

Aug 27, 2014, 4:25:47 PM
to securit...@googlegroups.com
Thanks Doug!

I did run "sudo salt '*' cmd.run 'sudo nsm_sensor_ps-restart --only-bro'" per the instructions, but it probably failed since Bro is disabled.
Running sudo broctl install fixed the flood of cron emails.

Doug Burks

Aug 27, 2014, 4:29:23 PM
to securit...@googlegroups.com
Glad to hear it!

The cron job is /etc/cron.d/bro:

# /etc/cron.d/bro
#
# crontab entry to monitor Bro processes

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0-59/5 * * * * root /opt/bro/bin/broctl cron



We might want to consider adding the following to redirect all output
to the bit bucket:
> /dev/null 2>&1

Does anybody ever get emails from this cron job that they *do* want to see?

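Added example, not part of the thread and not Security Onion's or Bro's own code: an alternative to sending all of the cron job's output to /dev/null is a wrapper that lets cron mail a given error once, instead of every 5 minutes, and again only when the output changes or the job recovers. The function name run_dedup, the state-file path and the wrapper path in the comment are assumptions.

```shell
#!/bin/sh
# run_dedup STATE_FILE COMMAND [ARGS...]   (hypothetical helper)
# cron mails whatever a job prints. This wrapper prints the command's
# output only when it differs from the previous run, so a persistent
# error produces one mail instead of one per run.
run_dedup() {
    state=$1
    shift
    out=$(mktemp) || return 1
    # Capture stdout and stderr together, as cron would mail them.
    "$@" >"$out" 2>&1
    code=$?
    if [ "$code" -eq 0 ] && [ ! -s "$out" ]; then
        # Clean, silent run: report recovery once if the last run was not.
        if [ -s "$state" ]; then
            echo "recovered: $*"
        fi
        : >"$state"
    else
        # Record exit status plus output and compare with the last run.
        { echo "exit=$code"; cat "$out"; } >"$out.new"
        if ! cmp -s "$out.new" "$state" 2>/dev/null; then
            echo "command: $*"
            cat "$out.new"
            cp "$out.new" "$state"
        fi
        rm -f "$out.new"
    fi
    rm -f "$out"
    return "$code"
}

# Possible use in /etc/cron.d/bro (both paths below are assumptions):
# 0-59/5 * * * * root . /usr/local/lib/run_dedup.sh; run_dedup /var/run/broctl-cron.state /opt/bro/bin/broctl cron
```

Unlike a blanket redirect, this keeps the first occurrence of an error such as the broctl-config.sh message visible to whoever reads root's mail.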