[Bro] Bro and systemd without broctl
Azoff, Justin S
jazoff at illinois.edu
Mon Jul 2 06:04:58 PDT 2018
> On Jul 1, 2018, at 1:47 PM, James Lay <jlay at slave-tothe-box.net> wrote:
>
> Solved:
>
> [Unit]
> Description=Bro
> After=syslog.target network.target
>
> [Service]
> Type=oneshot
> ExecStart=/opt/bin/startbro
> RemainAfterExit=true
> ExecStop=/usr/bin/killall bro
> StandardOutput=journal
>
> [Install]
> WantedBy=multi-user.target
>
> /opt/bin/startbro is similar to the bro line below.
That's not the best way to do that, you want something like this:
[Unit]
Description=Bro
After=syslog.target network.target
[Service]
Type=simple
WorkingDirectory=/opt/bro/spool/bro
EnvironmentFile=/etc/default/bro
ExecStart=/opt/bro/bin/bro $BRO_ARGS
Restart=on-failure
RestartSec=10s
[Install]
WantedBy=multi-user.target
where /etc/default/bro contains the
BRO_ARGS=-C -i eth0 -i eth1 --filter 'long filter option here' local "Site::local_nets += { externalIP,internatNET }"
—
Justin Azoff
More information about the Bro
mailing list