Bro and systemd without broctl

Hey all,

So…I run a very lean box, and that means not using broctl. With older versions of linux rc.local was just fine to get a script to start bro, but with systemd it’s not the same. My startup script is similar to the below:

cd /opt/bro/spool/bro && /opt/bro/bin/bro -C -i eth0 -i eth1 --filter ‘long filter option here’ local “Site::local_nets += { externalIP,internatNET }” &

This has worked like a champ but this command in a .service file or the .service file pointing to a script that contains the above does not work. So I have a couple points/questions:

  1. Has anyone worked out a systemd .service file with bro that doesn’t use broctl?

  2. It would be nice to have a command line flag that can be used to specify the log path, this way I could forgo the cd command above.

Thank you.

James

Solved:

[Unit]
Description=Bro
After=syslog.target network.target

[Service]
Type=oneshot
ExecStart=/opt/bin/startbro
RemainAfterExit=true
ExecStop=/usr/bin/killall bro
StandardOutput=journal

[Install]
WantedBy=multi-user.target

/opt/bin/startbro is similar to the bro line below.

James

Startbro won’t start a cluster correctly, will it?

Not that I know of. Using bro proper is different then using broctl…there were several broctl systemd service examples when I looked, one being:

https://gist.github.com/JustinAzoff/db71b901b1070a88f2d72738bf212749

my requirements were different however.

James

That's not the best way to do that, you want something like this:

[Unit]
Description=Bro
After=syslog.target network.target

[Service]
Type=simple
WorkingDirectory=/opt/bro/spool/bro
EnvironmentFile=/etc/default/bro
ExecStart=/opt/bro/bin/bro $BRO_ARGS
Restart=on-failure
RestartSec=10s

[Install]
WantedBy=multi-user.target

where /etc/default/bro contains the

BRO_ARGS=-C -i eth0 -i eth1 --filter 'long filter option here' local "Site::local_nets += { externalIP,internatNET }"

Justin where were you when I needed you :stuck_out_tongue: Thanks I'll use your version instead :slight_smile:

James