[Bro-Dev] Updating NEWS for 2.5
dnthayer at illinois.edu
Tue Aug 9 14:53:07 PDT 2016
I've attached the list of significant BroControl changes.
On 8/8/16 2:04 PM, Robin Sommer wrote:
> Could folks take a look at NEWS and see what's missing?
> Couple of things I think we should add at least:
> - Document the cluster framework's new logger node, with an
> example of how to use it.
> - Document the recent intel framework updates.
> - Add BroControl news/changes.
> Any takers for these?
-------------- next part --------------
- There is a new node type "logger" that can be specified in node.cfg
(that file has a commented-out example). The purpose of this new node
type is to receive logs from all nodes in a cluster in order to reduce
the load on the manager node. However, if there is no "logger" node,
then the manager node will handle logging as usual.
- The post-terminate script will send email if it fails to archive
any log files. These mails can be turned off by changing the value
of the new BroControl option MailArchiveLogFail.
- Added the ability for "broctl deploy" to reload the BroControl
configuration (both broctl.cfg and node.cfg). This happens
automatically if broctl detects any changes to those config files
since the last time the config was loaded. Note that this feature
is relevant only when using the BroControl shell interactively.
- The BroControl plugin API has a new function "broctl_config". This
gives plugin authors the ability to add their own script code to the
autogenerated broctl-config.bro script.
- There is a new BroControl plugin for custom load balancing. This
plugin can be used by setting "lb_method=custom" for your worker
nodes in node.cfg. To support packet source plugins, it allows
configuration of a prefix and suffix for the interface name.
- The networks.cfg file now contains private IP space 172.16.0.0/12 by
- Upon startup, if broctl can't get IP addresses from the "ifconfig"
command for any reason, then broctl will now also try to use the "ip"
- BroControl will now automatically search the Bro plugin directory
for BroControl plugins (in addition to all the other places where
BroControl searches). This enables automatic loading of BroControl
plugins that are provided by a Bro plugin.
- Changed the default value of the StatusCmdShowAll option so that
the "broctl status" command runs faster. This also means that there
is no longer a "Peers" column in the status output by default.
- Users can now specify a more granular log expiration interval.
The BroControl option LogExpireInterval can be set to an arbitrary
time interval instead of just an integer number of days. The time
interval is specified as an integer followed by a time unit: "day",
"hr", or "min". For backward compatibility, an integer value without
a time unit is still interpreted as a number of days.
- Changed the text of crash report emails. Now crash reports tell the
user to forward the mail to the Bro team only when a backtrace is
included in the crash report. If there is no backtrace, then the
crash report includes instructions on how to get backtraces
included in future crash reports.
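
The LogExpireInterval format from the list above, as an added example that is not part of the original message and is not BroControl's own code: a Python parser that turns a configured value into a retention period and decides whether an archived log has aged out. The function names, the whitespace handling, the rejection of other unit spellings and the treatment of 0 as "never expire" are assumptions.

```python
import re
from datetime import datetime, timedelta

# Units named in the NEWS entry. A bare integer still means days.
_UNITS = {
    "day": timedelta(days=1),
    "hr": timedelta(hours=1),
    "min": timedelta(minutes=1),
}

# Assumption: optional whitespace around the number and unit is accepted.
_PATTERN = re.compile(r"^\s*(\d+)\s*([A-Za-z]*)\s*$")


def parse_log_expire_interval(value):
    """Return the retention period as a timedelta, or raise ValueError."""
    match = _PATTERN.match(str(value))
    if not match:
        raise ValueError(f"not an integer followed by a time unit: {value!r}")
    count = int(match.group(1))
    unit = match.group(2) or "day"  # backward compatibility: no unit = days
    if unit not in _UNITS:
        # Assumption: plurals and other spellings ("days", "weeks") are rejected
        # rather than guessed at, so a typo cannot silently change retention.
        raise ValueError(f"unknown time unit {unit!r} in {value!r}")
    return count * _UNITS[unit]


def is_expired(archived_at, now, interval):
    """True if a log archived at archived_at is older than interval.

    Assumption: a zero interval means archived logs are never expired.
    """
    if interval == timedelta(0):
        return False
    return now - archived_at > interval


if __name__ == "__main__":
    # Constructed sample values, not taken from a real broctl.cfg.
    now = datetime(2016, 8, 9, 14, 53)
    archived = datetime(2016, 8, 8, 2, 0)
    for raw in ["30", "12 hr", "90min", "0", "2 weeks"]:
        try:
            period = parse_log_expire_interval(raw)
            print(f"{raw!r}: keep {period}, expired={is_expired(archived, now, period)}")
        except ValueError as err:
            print(f"{raw!r}: rejected ({err})")
```
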