[Bro] Bro and systemd without broctl

James Lay jlay at slave-tothe-box.net
Tue Jul 3 10:53:40 PDT 2018


Justin where were you when I needed you :P  Thanks I'll use your version 
instead :)

James

On 2018-07-02 07:04, Azoff, Justin S wrote:
>> On Jul 1, 2018, at 1:47 PM, James Lay <jlay at slave-tothe-box.net> 
>> wrote:
>> 
>> Solved:
>> 
>> [Unit]
>> Description=Bro
>> After=syslog.target network.target
>> 
>> [Service]
>> Type=oneshot
>> ExecStart=/opt/bin/startbro
>> RemainAfterExit=true
>> ExecStop=/usr/bin/killall bro
>> StandardOutput=journal
>> 
>> [Install]
>> WantedBy=multi-user.target
>> 
>> /opt/bin/startbro is similar to the bro line below.
> 
> That's not the best way to do that, you want something like this:
> 
> [Unit]
> Description=Bro
> After=syslog.target network.target
> 
> [Service]
> Type=simple
> WorkingDirectory=/opt/bro/spool/bro
> EnvironmentFile=/etc/default/bro
> ExecStart=/opt/bro/bin/bro $BRO_ARGS
> Restart=on-failure
> RestartSec=10s
> 
> [Install]
> WantedBy=multi-user.target
> 
> where /etc/default/bro contains the
> 
> BRO_ARGS=-C -i eth0 -i eth1 --filter 'long filter option here' local
> "Site::local_nets += { externalIP,internatNET }"
> 
> 
> 
>> Justin Azoff


More information about the Bro mailing list