[Bro] BroCtl plugin - Hooking into install command (UNCLASSIFIED)
Thayer, Daniel N
dnthayer at illinois.edu
Tue Apr 26 07:46:52 PDT 2016
The problem here is that broctl reads the config files when broctl starts up, not
when the "install" command is run, so by the time your pre-install plugin
runs, the config files have already been read.
________________________________________
From: bro-bounces at bro.org [bro-bounces at bro.org] on behalf of Knick, Scott E CTR (US) [scott.e.knick.ctr at mail.mil]
Sent: Tuesday, April 26, 2016 2:27 AM
To: bro at bro.org
Subject: [Bro] BroCtl plugin - Hooking into install command (UNCLASSIFIED)
CLASSIFICATION: UNCLASSIFIED
I've developed a custom BroCtl plugin which attempts to hook into the install command before it executes (i.e., I'm overriding cmd_install_pre()) so that a configuration defined elsewhere in /usr/local/etc can be read and the various Bro configuration files (e.g., node.cfg, networks.cfg, etc.) can be adjusted as a result. This basically works, but I have noticed that it seems like I have to run broctl install *twice* in order to make BroCtl and/or Bro realize the new configuration. Otherwise, Bro crashes and BroCtl tells me to look at the diagnostics using the diag command when I do a broctl start. The actual error messages vary but they all seem to suggest that something in Bro isn't reading in my new configuration as defined in the various Bro configuration files. I have verified that those files are actually updated to what I want prior to running broctl start.
Any ideas what might be going on? Am I missing something?
--
Scott Knick
CLASSIFICATION: UNCLASSIFIED
More information about the Bro
mailing list