Bro 1.4 release now available

Bro release 1.4 is now available from:

  ftp://bro-ids.org/bro-1.4.tar.gz

This release includes significant new functionality as well as numerous
refinements and fixes, per the appended changelog entries.

Previous releases are available at http://www.bro-ids.org/download.html .
We do not anticipate making any further changes to them.

    Vern

Congratulations on the new release. I was looking forward to this.

Reading changelog says brolite may be deprecated. I see current 1.4 release is missing ../etc/bro.rc, ../etc/bro.cfg and ../site/local.site.bro files amongst others even after running "make install-brolite".

Is there any other recommended way to start/stop/run bro?

Thanks,
Aashish

Reading changelog says brolite may be deprecated. I see current
1.4 release is missing ../etc/bro.rc, ../etc/bro.cfg and
../site/local.site.bro files amongst others even after running
"make install-brolite".

Hmmm... We'll look into that to see if it's an easy fix to get these
installed by "make install-brolite".

Is there any other recommended way to start/stop/run bro?

There is nothing which ships with 1.4 at this point but the
"Cluster Shell" we are working on has a "standalone mode" which
makes it suitable for normal, single-box installation as well. See

      The ICSI Networking Group Blog: An Interactive Shell For Operating Bro Setups

This will likely become the standard installation scheme at some
point.

Robin

Reading changelog says brolite may be deprecated. I see current
1.4 release is missing ../etc/bro.rc, ../etc/bro.cfg and
../site/local.site.bro files amongst others even after running
"make install-brolite".

Hmmm... We'll look into that to see if it's an easy fix to get these
installed by "make install-brolite".

Is there any other recommended way to start/stop/run bro?

There is nothing which ships with 1.4 at this point but the
"Cluster Shell" we are working on has a "standalone mode" which
makes it suitable for normal, single-box installation as well. See

     http://blog.icir.org/2008/04/interactive-shell-for-operating-bro.html

This will likely become the standard installation scheme at some
point.

I have been using the "cluster shell" with BRO 1.4. I recently needed to hook in a process I want to start when BRO starts. I happily modified etc/bro.rc-hooks.sh, but this doesn't work. It seems that the cluster shell does not use etc/bro.rc for BRO startup and shutdown.

Does the cluster shell have a mechanism (Er, hook) for starting an external process?

Thanks,
Randy

etc/bro.rc-hooks.sh, but this doesn't work. It seems that the cluster
shell does not use etc/bro.rc for BRO startup and shutdown.

That's right. If the cron job is set up as described in the
documentation, it will take care of restarting the cluster when the
system starts up.

Adding a bro.rc-like script which starts/stops the cluster directly
shouldn't be too hard though.

Does the cluster shell have a mechanism (Er, hook) for starting an external
process?

No, it hasn't but that would be an easy extension as well. What
exactly would you need? Just the capability to run an arbitrary
script whenever the cluster start/stop commands are performed? (And
if so, on any node's start/stop?)

Robin

It took me a bit to get back to this but there's now a patch for 1.4
at http://tracker.icir.org/bro/ticket/51 which I hope puts things
back into place for "make install-brolite". I would appreciate it if
somebody using BroLite could give it a try and let me know whether
this indeed fixes it. (Please add any feedback directly to the
tracker item).

Thanks,

Robin

P.S.: Please note that install-brolite remains deprecated and won't
see any further updates. This is just to avoid breaking existing
installations unnecessarily.