A consistent order of precedence for broctl options

Ticket [837] came up in discussion today. It does not appear that this issue was ever resolved. However, I think it is just a specific instance of a more general problem. We don't have any well-defined order of precedence for broctl options, and that leads to ambiguity and frustration (If I am wrong, someone please clarify it in documentation and we can answer this ticket in a consistent way).

I hope we can at least agree on two points. First, there should be a well-defined precedence that is documented and followed as uniformly as possible. If you're on board with that, do you agree with my second assertion that broctl should get the last word and override all others?

Maybe as a first step we could list all the places and ways such settings could be made, and then work to order that list?

:Adam Slagell

[837] http://tracker.bro-ids.org/bro/ticket/837

Out of the 60+ broctl options that currently exist, there are 8 or so
of them that could clash with values defined in a bro script
(confusingly, the bro script variable name is usually different
than the name of the corresponding broctl option).
Currently, in such a case the broctl option value will be used
instead of the corresponding bro script variable. The only
exception is if the "aux_scripts" option is defined in etc/node.cfg,
and then only if such an aux. script contains a variable that
overrides a broctl option.

I have already improved the broctl README document (although this is
not currently visible on the bro web site due to an issue with
updates not appearing) to better explain the load order (in the
"Site-specific Customization" section), but it might also be
useful to add a note in the "Option Reference" section for each
broctl option that can be set via a bro script variable (for example,
"this option overrides the bro script variable 'default_rotation_interval'").
We may also want to switch the load order so that broctl options
will override the aux_scripts (if any).

I hope we can at least agree on two points. First, there should be a
well-defined precedence that is documented and followed as uniformly
as possible.

Agreed.

If you're on board with that, do you agree with my second assertion
that broctl should get the last word and override all others?

Yeah, agreed as well, though somewhat reluctantly. :slight_smile: What I wrote in
http://tracker.bro-ids.org/bro/ticket/837#comment:7 would work as well
I think[1], but it doesn't really look worth the effort.

[1] Could be done by printing out the values and compare with what
BroControl would expect.

"Site-specific Customization" section), but it might also be
useful to add a note in the "Option Reference" section for each
broctl option that can be set via a bro script variable (for example,
"this option overrides the bro script variable
'default_rotation_interval'").

We should then also do that the other way: add a note to the script
doc saying that if using BroControl, it will override the value with
its option.

And yeah, renaming the options to be consistent would be good too
then.

So, I'm on board. :slight_smile:

Robin