[Bro] A replacement for bro.rc (Bro-Lite): bw (Bro-Watcher)

Christopher Jay Manders cjmanders at gmail.com
Fri Oct 3 14:10:41 PDT 2008

Hi All,

I spent a bit of time coding up a replacement for the bro.rc script (in C,
instead of shell or Perl code) due to our issues with it here at UCSF.

Basically, bw (Bro Watcher) handles only: Start, Stop and Checkpointing of
the Bro process. It watches for Bro and if it dies it cleans up and restarts
cleanly. It reads in a bw.cfg file and then instantiates bro, assuming
bw.cfg has all of the correct stuff.

It cleans itself up nicely, is small, and responds to kill signals (1/HUP
causes an immediate checkpointing to occur, kill alone kills both bw and any
running bro process, a 9 signal causes bw to leave bro running while killing

This is a preliminary version, but works fairly well and we are testing it
out currently. I wanted to release it to get any feedback or improvements,
ideas, etc. I hope it is useful to others.

Please let me know what thoughts folks have about the framework, code, etc.

The code is available here:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20081003/aeecbc3f/attachment.html 

More information about the Bro mailing list