More questions

I figured out that I'm going to have to write a FreeBSD-type startup script to replace bro.rc, so that problem is "solved". I also figured out the syntax for the local.site.bro file with some fiddling around and reading.

Now I have another question - how do you daemonize bro? bro -h doesn't show a daemon switch (normally -D), and when I run it, even without the debug switch, it does not daemonize. Obviously, from the cmdline I can use &, but that is not available from a startup script. What's the normal convention?

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

> Now I have another question - how do you daemonize bro?

There's no mechanism beyond '&' from a shell. I'm confused by your
statement that this isn't available from a startup script, since we
routinely run shell scripts (that then background things) on our
FreeBSD systems upon startup.

    Vern

I figured it out. I can't use a standard rc.subr script to start bro. I have to use bro.rc.

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Hello Paul,

You're right, using "bro.rc" is the best way to run the IDS (as far as I
know).

I usually use it on OpenBSD as-is and have no problems.

Best regards,

Jean-philippe.