Hi All,
I spent a bit of time coding up a replacement for the bro.rc script (in C, instead of shell or Perl code) due to our issues with it here at UCSF.
Basically, bw (Bro Watcher) handles only: Start, Stop and Checkpointing of the Bro process. It watches for Bro and if it dies it cleans up and restarts cleanly. It reads in a bw.cfg file and then instantiates bro, assuming bw.cfg has all of the correct stuff.
It cleans itself up nicely, is small, and responds to kill signals (1/HUP causes an immediate checkpointing to occur, kill alone kills both bw and any running bro process, a 9 signal causes bw to leave bro running while killing itself.
This is a preliminary version, but works fairly well and we are testing it out currently. I wanted to release it to get any feedback or improvements, ideas, etc. I hope it is useful to others.
Please let me know what thoughts folks have about the framework, code, etc.
The code is available here:
http://sourceforge.net/projects/bro-tools/
Cheers!
–Christopher