[Bro] Bro and systemd without broctl
Michał Purzyński
michalpurzynski1 at gmail.com
Sun Jul 1 12:44:55 PDT 2018
Startbro won’t start a cluster correctly, will it?
> On Jul 1, 2018, at 10:47 AM, James Lay <jlay at slave-tothe-box.net> wrote:
>
> Solved:
>
> [Unit]
> Description=Bro
> After=syslog.target network.target
>
> [Service]
> Type=oneshot
> ExecStart=/opt/bin/startbro
> RemainAfterExit=true
> ExecStop=/usr/bin/killall bro
> StandardOutput=journal
>
> [Install]
> WantedBy=multi-user.target
>
> /opt/bin/startbro is similar to the bro line below.
>
> James
>
>> On Thu, 2018-06-28 at 18:59 -0600, James Lay wrote:
>> Hey all,
>>
>> So...I run a very lean box, and that means not using broctl. With older versions of linux rc.local was just fine to get a script to start bro, but with systemd it's not the same. My startup script is similar to the below:
>>
>> cd /opt/bro/spool/bro && /opt/bro/bin/bro -C -i eth0 -i eth1 --filter 'long filter option here' local "Site::local_nets += { externalIP,internatNET }" &
>>
>> This has worked like a champ but this command in a .service file or the .service file pointing to a script that contains the above does not work. So I have a couple points/questions:
>>
>> 1. Has anyone worked out a systemd .service file with bro that doesn't use broctl?
>>
>> 2. It would be nice to have a command line flag that can be used to specify the log path, this way I could forgo the cd command above.
>>
>> Thank you.
>>
>> James
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180701/a7f5fc8c/attachment.html
More information about the Bro
mailing list