New Functionality ----------------- - There is a new node type "logger" that can be specified in node.cfg (that file has a commented-out example). The purpose of this new node type is to receive logs from all nodes in a cluster in order to reduce the load on the manager node. However, if there is no "logger" node, then the manager node will handle logging as usual. - The post-terminate script will send email if it fails to archive any log files. These mails can be turned off by changing the value of the new BroControl option MailArchiveLogFail. - Added the ability for "broctl deploy" to reload the BroControl configuration (both broctl.cfg and node.cfg). This happens automatically if broctl detects any changes to those config files since the last time the config was loaded. Note that this feature is relevant only when using the BroControl shell interactively. - The BroControl plugin API has a new function "broctl_config". This gives plugin authors the ability to add their own script code to the autogenerated broctl-config.bro script. - There is a new BroControl plugin for custom load balancing. This plugin can be used by setting "lb_method=custom" for your worker nodes in node.cfg. To support packet source plugins, it allows configuration of a prefix and suffix for the interface name. Changed Functionality --------------------- - The networks.cfg file now contains private IP space 172.16.0.0/12 by default. - Upon startup, if broctl can't get IP addresses from the "ifconfig" command for any reason, then broctl will now also try to use the "ip" command. - BroControl will now automatically search the Bro plugin directory for BroControl plugins (in addition to all the other places where BroControl searches). This enables automatic loading of BroControl plugins that are provided by a Bro plugin. - Changed the default value of the StatusCmdShowAll option so that the "broctl status" command runs faster. This also means that there is no longer a "Peers" column in the status output by default. - Users can now specify a more granular log expiration interval. The BroControl option LogExpireInterval can be set to an arbitrary time interval instead of just an integer number of days. The time interval is specified as an integer followed by a time unit: "day", "hr", or "min". For backward compatibility, an integer value without a time unit is still interpreted as a number of days. - Changed the text of crash report emails. Now crash reports tell the user to forward the mail to the Bro team only when a backtrace is included in the crash report. If there is no backtrace, then the crash report includes instructions on how to get backtraces included in future crash reports.