[Bro-Dev] Updating NEWS for 2.5

Daniel Thayer dnthayer at illinois.edu
Tue Aug 9 14:53:07 PDT 2016


I've attached the list of significant BroControl changes.


On 8/8/16 2:04 PM, Robin Sommer wrote:
> Could folks take a look at NEWS and see what's missing?
>
> Couple of things I think we should add at least:
>
>     - Document the cluster framework's new logger node, with an
>       example how to use it.
>
>     - Document the recent intel framework updates.
>
>     - Add BroControl news/changes.
>
> Any takers for these?
>
> Robin
>
-------------- next part --------------

New Functionality
-----------------
    
- There is a new node type "logger" that can be specified in node.cfg
  (that file has a commented-out example).  The purpose of this new node
  type is to receive logs from all nodes in a cluster in order to reduce
  the load on the manager node.  However, if there is no "logger" node,
  then the manager node will handle logging as usual.

- The post-terminate script will send email if it fails to archive
  any log files.  These mails can be turned off by changing the value
  of the new BroControl option MailArchiveLogFail.

- Added the ability for "broctl deploy" to reload the BroControl
  configuration (both broctl.cfg and node.cfg).  This happens
  automatically if broctl detects any changes to those config files
  since the last time the config was loaded.  Note that this feature
  is relevant only when using the BroControl shell interactively.

- The BroControl plugin API has a new function "broctl_config".  This
  gives plugin authors the ability to add their own script code to the
  autogenerated broctl-config.bro script.

- There is a new BroControl plugin for custom load balancing.  This
  plugin can be used by setting "lb_method=custom" for your worker
  nodes in node.cfg.  To support packet source plugins, it allows
  configuration of a prefix and suffix for the interface name.


Changed Functionality
---------------------

- The networks.cfg file now contains private IP space 172.16.0.0/12 by
  default.

- Upon startup, if broctl can't get IP addresses from the "ifconfig"
  command for any reason, then broctl will now also try to use the "ip"
  command.

- BroControl will now automatically search the Bro plugin directory
  for BroControl plugins (in addition to all the other places where
  BroControl searches).  This enables automatic loading of BroControl
  plugins that are provided by a Bro plugin.

- Changed the default value of the StatusCmdShowAll option so that
  the "broctl status" command runs faster.  This also means that there
  is no longer a "Peers" column in the status output by default.

- Users can now specify a more granular log expiration interval.
  The BroControl option LogExpireInterval can be set to an arbitrary
  time interval instead of just an integer number of days.  The time
  interval is specified as an integer followed by a time unit: "day",
  "hr", or "min".  For backward compatibility, an integer value without
  a time unit is still interpreted as a number of days.

- Changed the text of crash report emails.  Now crash reports tell the
  user to forward the mail to the Bro team only when a backtrace is
  included in the crash report.  If there is no backtrace, then the
  crash report includes instructions on how to get backtraces
  included in future crash reports.



More information about the bro-dev mailing list