[Bro] configure problem

Fri Sep 17 10:58:21 PDT 2004

> In short,  "./make install" fails because the file:
> "scripts/bro.cfg.example" is missing.

Here's the file.  It's also been fixed to be included in the next
distribution.

		Vern

# Source file config for running bro

# On a linux system this file will normally exist in /etc/sysconfig
# and will have the same filename as the RC start script which calls it.

# On a FreeBSD machine this file will normally reside in /usr/local/etc
# and will have the same filename as the RC start script which calls it.

# The following variables are exported and needed by Bro at runtime
# These are mostly undocumented. arrrrrr!!!!!!
# BROLOGS
# BROHOME
# BROPATH

# host only format
BRO_HOSTNAME=`hostname | awk -F. ' { print  } '`
# FQDN format
# HOSTNAME=`hostname`

# Directory containing Bro binaries
BRO_BIN_DIR="${BROHOME}/bin"

# Filename of the Bro start policy
# START_POLICY="default.bro"
BRO_START_POLICY="brolite.bro"

# Directory containing Bro logs
BROLOGS="${BROHOME}/logs"
export BROLOGS

# Log archive directory
BRO_LOG_ARCHIVE="${BROHOME}/archive"

# Directory containing Bro signature files
BRO_SIG_DIR="${BROHOME}/local/sigs"

# Bro policy paths
BROPATH="${BROHOME}/policy:${BROHOME}/policy/local:${BROHOME}/policy/local-priv:${BROHOME}/local/policy:${BROHOME}/site"
export BROPATH

# Location of site specific policy and configurations
BROSITE="${BROHOME}/site"

# Location of host specific policy and configurations
BROHOST="${BROHOME}/host"

# A prefix to use when looking for local policy files to load.
# BRO_PREFIX="local"

# Location of the Bro executable
BRO="${BRO_BIN_DIR}/bro"

# Base command line options.
BRO_ADD_OPTS=" -W"
# Turn on Bro's Watchdog feature
BRO_OPTS="${BRO_ADD_OPTS}"

# Interface name to listen on.  The default is to use the busiest one found.
BRO_CAPTURE_INTERFACE=""
# Multiple interface should be specified as a space delimited list.
# Examples: 
#   CAPTURE_INTERFACE="sk0 sk1 sk5"
#   CAPTURE_INTERFACE="eth0 eth3"
#   CAPTURE_INTERFACE="eth0"

# If set to YES and there are any signature files ending with .bro in $SIG_DIR
# then they will be started with bro.  Set to NO to disable signatures
# Set to YES to enable bro to run with 'signature matching' on (YES/NO)
BRO_USE_SIGNATURES=YES

# Shoud a trace (tcpdump) file be created in the log directory (YES/NO)
BRO_CREATE_TRACE_FILE=NO

# How long to wait during checkpointing after startin a new Bro process and
# stopping the old one.  This value is in seconds
BRO_CHECKPOINT_OVERLAP_TIME=20

# Starting time for a report run (0001 is 12:01 am and 1201 is 12:01pm)
BRO_REPORT_START_TIME=0000

# How often (in hours) to generate an activity report
BRO_REPORT_INTERVAL=24

# This is the how often to rotate the logs (in hours)
BRO_LOG_ROTATE_INTERVAL=24

# This is the how often to restart bro (in hours)
BRO_CHECKPOINT_INTERVAL=24

# The maximum time allowed for a Bro process to cleanup and exit
# This value is in seconds
BRO_MAX_SHUTDOWN_TIME=$(( 60 * 60 * 2 ))    # 2 hours

# Use this to enable the init script to autorestart Bro in the event of an
# unexpected shutdown.  The value should be YES or NO
BRO_ENABLE_AUTORESTART="YES"

# Maximum times to try to auto-restart Bro before giving up.
# This is used by the bro-autorestart.sh script.
BRO_MAX_RESTART_ATTEMPTS=5

# Location of the run-time variable directory.  This is normally /var/run/bro
# and contains the pidfile and other temporal data. 
BRO_RUNTIME_DIR="/var/run/bro" 

# Email address for local reports to be mailed to
BRO_EMAIL_LOCAL="bro at localhost"

# Do you want to send external reports to a incident reporting org (e.g.: CERT, CIAC, etc)
BRO_EMAIL_EXTERNAL="NO"

# Email address for remote reports to be mailed to
BRO_EMAIL_REMOTE="BRO-IDS at bro-ids.org"

# User id to install and run Bro under
BRO_USER_ID="bro"

# Site name for reports (i.e. LBNL, FOO.COM, BAZ.ORG)
BRO_SITE_NAME=""

# Do you want to encrypt email reports (YES/NO)
BRO_ENCRYPT_EMAIL="NO"

# Location of GPG binary or encrypting email
BRO_GPG_BIN="/usr/local/bin/gpg"