[Bro] A replacement for bro.rc (Bro-Lite): bw (Bro-Watcher)
Christopher Jay Manders
cjmanders at gmail.com
Fri Oct 3 14:10:41 PDT 2008
I spent a bit of time coding up a replacement for the bro.rc script (in C,
instead of shell or Perl code) due to our issues with it here at UCSF.
Basically, bw (Bro Watcher) handles only: Start, Stop and Checkpointing of
the Bro process. It watches for Bro and if it dies it cleans up and restarts
cleanly. It reads in a bw.cfg file and then instantiates bro, assuming
bw.cfg has all of the correct stuff.
It cleans itself up nicely, is small, and responds to kill signals (1/HUP
causes an immediate checkpointing to occur, kill alone kills both bw and any
running bro process, a 9 signal causes bw to leave bro running while killing
This is a preliminary version, but works fairly well and we are testing it
out currently. I wanted to release it to get any feedback or improvements,
ideas, etc. I hope it is useful to others.
Please let me know what thoughts folks have about the framework, code, etc.
The code is available here:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro