From 4b8171f74a18d28a51625d40861c57ac478c9ab4 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Tue, 22 Oct 2013 16:40:29 -0500 Subject: [PATCH] Document which Bro script vars are set by BroControl --- scripts/base/frameworks/cluster/main.bro | 1 + scripts/base/frameworks/communication/main.bro | 8 ++++++-- scripts/base/frameworks/logging/main.bro | 9 ++++++++- scripts/base/frameworks/notice/actions/pp-alarms.bro | 2 ++ scripts/base/frameworks/notice/main.bro | 9 +++++++++ scripts/base/utils/site.bro | 3 ++- 6 files changed, 28 insertions(+), 4 deletions(-) diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.bro index 0ff0f47fa7..12cc9e27d4 100644 --- a/scripts/base/frameworks/cluster/main.bro +++ b/scripts/base/frameworks/cluster/main.bro @@ -120,6 +120,7 @@ export { ## The cluster layout definition. This should be placed into a filter ## named cluster-layout.bro somewhere in the BROPATH. It will be ## automatically loaded if the CLUSTER_NODE environment variable is set. + ## Note that BroControl handles all of this automatically. const nodes: table[string] of Node = {} &redef; ## This is usually supplied on the command line for each instance diff --git a/scripts/base/frameworks/communication/main.bro b/scripts/base/frameworks/communication/main.bro index 47b4120e54..92d527101d 100644 --- a/scripts/base/frameworks/communication/main.bro +++ b/scripts/base/frameworks/communication/main.bro @@ -15,13 +15,16 @@ export { ## are wildcards. const listen_interface = 0.0.0.0 &redef; - ## Which port to listen on. + ## Which port to listen on. Note that BroControl sets this + ## automatically. const listen_port = 47757/tcp &redef; ## This defines if a listening socket should use SSL. const listen_ssl = F &redef; ## Defines if a listening socket can bind to IPv6 addresses. + ## + ## Note that this is overridden by the BroControl IPv6Comm option. const listen_ipv6 = F &redef; ## If :bro:id:`Communication::listen_interface` is a non-global @@ -128,7 +131,8 @@ export { }; ## The table of Bro or Broccoli nodes that Bro will initiate connections - ## to or respond to connections from. + ## to or respond to connections from. Note that BroControl sets this + ## automatically. global nodes: table[string] of Node &redef; ## A table of peer nodes for which this node issued a diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.bro index 476d314523..c068866f63 100644 --- a/scripts/base/frameworks/logging/main.bro +++ b/scripts/base/frameworks/logging/main.bro @@ -76,9 +76,16 @@ export { }; ## Default rotation interval. Zero disables rotation. + ## + ## Note that this is overridden by the BroControl LogRotationInterval + ## option. const default_rotation_interval = 0secs &redef; - ## Default alarm summary mail interval. Zero disables alarm summary mails. + ## Default alarm summary mail interval. Zero disables alarm summary + ## mails. + ## + ## Note that this is overridden by the BroControl MailAlarmsInterval + ## option. const default_mail_alarms_interval = 0secs &redef; ## Default naming format for timestamps embedded into filenames. diff --git a/scripts/base/frameworks/notice/actions/pp-alarms.bro b/scripts/base/frameworks/notice/actions/pp-alarms.bro index 2b3b2d8b08..453c82e3d1 100644 --- a/scripts/base/frameworks/notice/actions/pp-alarms.bro +++ b/scripts/base/frameworks/notice/actions/pp-alarms.bro @@ -13,6 +13,8 @@ export { ## Address to send the pretty-printed reports to. Default if not set is ## :bro:id:`Notice::mail_dest`. + ## + ## Note that this is overridden by the BroControl MailAlarmsTo option. const mail_dest_pretty_printed = "" &redef; ## If an address from one of these networks is reported, we mark ## the entry with an additional quote symbol (i.e., ">"). Many MUAs diff --git a/scripts/base/frameworks/notice/main.bro b/scripts/base/frameworks/notice/main.bro index fbd55c6de7..a5f17a4979 100644 --- a/scripts/base/frameworks/notice/main.bro +++ b/scripts/base/frameworks/notice/main.bro @@ -182,17 +182,26 @@ export { global policy: hook(n: Notice::Info); ## Local system sendmail program. + ## + ## Note that this is overridden by the BroControl SendMail option. const sendmail = "/usr/sbin/sendmail" &redef; ## Email address to send notices with the ## :bro:enum:`Notice::ACTION_EMAIL` action or to send bulk alarm logs ## on rotation with :bro:enum:`Notice::ACTION_ALARM`. + ## + ## Note that this is overridden by the BroControl MailTo option. const mail_dest = "" &redef; ## Address that emails will be from. + ## + ## Note that this is overridden by the BroControl MailFrom option. const mail_from = "Big Brother " &redef; ## Reply-to address used in outbound email. const reply_to = "" &redef; ## Text string prefixed to the subject of all emails sent out. + ## + ## Note that this is overridden by the BroControl MailSubjectPrefix + ## option. const mail_subject_prefix = "[Bro]" &redef; ## The maximum amount of time a plugin can delay email from being sent. const max_email_delay = 15secs &redef; diff --git a/scripts/base/utils/site.bro b/scripts/base/utils/site.bro index 9edefe6a8e..f90da4cdf2 100644 --- a/scripts/base/utils/site.bro +++ b/scripts/base/utils/site.bro @@ -17,7 +17,8 @@ export { [::1]/128, } &redef; - ## Networks that are considered "local". + ## Networks that are considered "local". Note that BroControl sets + ## this automatically. const local_nets: set[subnet] &redef; ## This is used for retrieving the subnet when using multiple entries in