Provided by: broctl_1.4-1_all
broctl - interactive shell for managing Bro installations
broctl is an interactive interface for managing a Bro installation which allows you to, e.g., start/stop the monitoring or update its configuration. Before actually running broctl you first need to edit the broctl.cfg , node.cfg , and networks.cfg files. In the broctl.cfg file, you should review the broctl options and make sure the options are set correctly for your environment. Next, edit the node.cfg file and specify the nodes that you will be running. Finally, edit the networks.cfg file and list each network (see the examples in the file for the format to use) that is considered local to the monitored environment.
capstats [<nodes>] [<secs>] Report interface statistics with capstats check [<nodes>] Check configuration before installing it cleanup [--all] [<nodes>] Delete working dirs (flush state) on nodes config Print broctl configuration cron [--no-watch] Perform jobs intended to run from cron cron enable|disable|? Enable/disable "cron" jobs df [<nodes>] Print nodes' current disk usage diag [<nodes>] Output diagnostics for nodes exec <shell cmd> Execute shell command on all hosts install Update broctl installation/configuration netstats [<nodes>] Print nodes' current packet counters nodes Print node configuration peerstatus [<nodes>] Print status of nodes' remote connections print <id> [<nodes>] Print values of script variable at nodes process <trace> [<op>] [-- <sc>] Run Bro (with options and scripts) on trace restart [--clean] [<nodes>] Stop and then restart processing scripts [-c] [<nodes>] List the Bro scripts the nodes will load start [<nodes>] Start processing status [<nodes>] Summarize node status stop [<nodes>] Stop processing top [<nodes>] Show Bro processes ala top update [<nodes>] Update configuration of nodes on the fly Commands provided by plugins: ps.bro [<nodes>] Show Bro processes on nodes' systems
broctl was written by The Bro Project <email@example.com>. This manual page was written by Raúl Benencia <firstname.lastname@example.org> for the Debian project (but may be used by others). November 2014 BROCTL(8)