broctl (8) - Linux Manuals

broctl: interactive shell for managing Bro installations

Command to display broctl manual in Linux: $ man 8 broctl

NAME

broctl - interactive shell for managing Bro installations

SYNOPSIS

broctl [command]

DESCRIPTION

broctl is an interactive interface for managing either a standalone or a Bro cluster installation. If a broctl command is specified directly on the command-line, then broctl performs the action associated with that command immediately (instead of running the interactive interface).

Before actually running broctl you first need to edit the broctl.cfg, node.cfg, and networks.cfg files. In the broctl.cfg file, you should review the broctl options and make sure the options are set correctly for your environment. Next, edit the node.cfg file and specify the nodes that you will be running. Finally, edit the networks.cfg file and list each network that is considered local to the monitored environment (see the examples in the file for the format to use).

When running broctl for the first time, you must run the broctl deploy command before running any other commands in order to apply the configuration settings. You must also run broctl deploy each time you change the configuration (including any Bro scripts) or upgrade Bro.

OPTIONS

capstats [<nodes>] [<secs>]: Report interface statistics with capstats
check [<nodes>]: Check configuration before installing it
cleanup [--all] [<nodes>]: Delete working dirs (flush state) on nodes
config: Print broctl configuration
cron [--no-watch]: Perform jobs intended to run from cron
cron enable|disable|?: Enable/disable "cron" jobs
deploy: Check, install, and restart
df [<nodes>]: Print nodes' current disk usage
diag [<nodes>]: Output diagnostics for nodes
exec <shell cmd>: Execute shell command on all hosts
exit: Exit from the interactive interface
install: Update broctl installation/configuration
netstats [<nodes>]: Print nodes' current packet counters
nodes: Print node configuration
peerstatus [<nodes>]: Print status of nodes' remote connections
print <id> [<nodes>]: Print values of script variable at nodes
process <trace> [<op>] [-- <sc>]: Run Bro (with options and scripts) on trace
restart [--clean] [<nodes>]: Stop and then restart processing
scripts [-c] [<nodes>]: List the Bro scripts the nodes will load
start [<nodes>]: Start processing
status [<nodes>]: Summarize node status
stop [<nodes>]: Stop processing
top [<nodes>]: Show Bro processes ala top
update [<nodes>]: Update configuration of nodes on the fly

Commands provided by plugins:

ps.bro [<nodes>]: Show Bro processes on nodes' systems

AUTHOR

broctl was written by The Bro Project <info [at] bro.org>.