[Bro] Bro and systemd without broctl

James Lay jlay at slave-tothe-box.net
Sun Jul 1 14:42:05 PDT 2018 

Not that I know of.  Using bro proper is different then using
broctl...there were several broctl systemd service examples when I
looked, one being:

https://gist.github.com/JustinAzoff/db71b901b1070a88f2d72738bf212749

my requirements were different however.

James


On Sun, 2018-07-01 at 12:44 -0700, Michał Purzyński wrote:
> Startbro won’t start a cluster correctly, will it?
> On Jul 1, 2018, at 10:47 AM, James Lay <jlay at slave-tothe-box.net>
> wrote:
> 
> > Solved:
> > 
> > [Unit]
> > Description=Bro
> > After=syslog.target network.target
> > 
> > 
> > [Service]
> > Type=oneshot
> > ExecStart=/opt/bin/startbro
> > RemainAfterExit=true
> > ExecStop=/usr/bin/killall bro
> > StandardOutput=journal
> > 
> > 
> > [Install]
> > WantedBy=multi-user.target
> > 
> > 
> > /opt/bin/startbro is similar to the bro line below.  
> > 
> > James
> > 
> > On Thu, 2018-06-28 at 18:59 -0600, James Lay wrote:
> > > Hey all,
> > > 
> > > So...I run a very lean box, and that means not using
> > > broctl.  With older versions of linux rc.local was just fine to
> > > get a script to start bro, but with systemd it's not the
> > > same.  My startup script is similar to the below:
> > > 
> > > cd /opt/bro/spool/bro && /opt/bro/bin/bro -C -i eth0 -i eth1 --
> > > filter 'long filter option here' local "Site::local_nets += {
> > > externalIP,internatNET }" &
> > > 
> > > This has worked like a champ but this command in a .service file
> > > or the .service file pointing to a script that contains the above
> > > does not work.  So I have a couple points/questions:
> > > 
> > > 1.  Has anyone worked out a systemd .service file with bro that
> > > doesn't use broctl?
> > > 
> > > 2.  It would be nice to have a command line flag that can be used
> > > to specify the log path, this way I could forgo the cd command
> > > above.
> > > 
> > > Thank you.
> > > 
> > > James
> > > _______________________________________________Bro mailing
> > > listbro at bro-ids.orghttp://mailman.ICSI.Berkeley.EDU/mailman/listi
> > > nfo/bro
> > 
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180701/1d77c09c/attachment.html

More information about the Bro mailing list