
0.41-145 | 2011-10-26 13:59:58 -0700

  * Updating submodule(s). (Robin Sommer)

0.41-143 | 2011-10-26 10:15:16 -0500

  * Update submodules. (Jon Siwek)

0.41-142 | 2011-10-25 20:17:25 -0700

  * Updating submodule(s). (Robin Sommer)

0.41-137 | 2011-10-25 15:44:18 -0700

  * Updating CHANGES and VERSION. (Robin Sommer)

  * Make dist now cleans the copied source. (Jon Siwek)

0.41-130 | 2011-10-18 08:03:35 -0700

  * Distribution cleanup and some README fixes. (Robin Sommer)

  * Fixed a bug caused by communication framework API update. Reported
    by Daniel. (Seth Hall)

0.41-128 | 2011-10-06 17:23:03 -0700

  * Change broctl.cfg LogRotationInterval to be specificed in seconds. (Jon Siwek)

  * Force broctl 'process' command to enable local logging. Addresses
    #632 (Jon Siwek)

0.41-124 | 2011-10-05 16:58:10 -0700

   * New broctl.cfg option for log rotation interval. Addresses #630.
     (Jon Siwek)

   * Removed some of the broct/nodes/* scripts and instead
     consolidated their functionality into the node-specific scripts
     that come with Bro's cluster framework. (Jon Siwek)

   * Within the cluster framework, local-<node>.bro scripts should now
     be loaded after the distributions <node>.bro script so things can
     be overrided. (Jon Siwek)

   * Auto-generated broctl scripts are loaded after all node-specific
     scripts and can override their options. (Jon Siwek)

  * Move configuration of PFRINGClusterID from broctl.cfg.in to
    options.py. Addresses #621. (Jon Siwek)

  * Add configure-time check for libpcap PF_RING support. Addresses
    #621 (Jon Siwek)

  * Fixing typo with process command. (Robin Sommer)

  * Script cleanup.  (Seth Hall)

    - Reshuffling "check" functionality into check.bro.

    - Removing some code to deal with the non-existent react framework.

  * Give check command its own script for tuning options. Addresses
    #618). (Jon Siwek)

  * Stop and restart command now stop worker nodes first. Addresses
    #596. (Jon Siwek)

  * broctl check no longer rotates logs. Addresses #618. (Jon Siwek)

0.41-101 | 2011-09-08 02:20:28 -0400

  * Implementing PF_RING environment variables. (Seth Hall)

0.41-99 | 2011-09-04 09:08:59 -0700

  * Added --with-pcap configure option. (Jon Siwek)

  * Various smaller tweaks to CMake setup. (Jon Siwek)

  * Removed alarm log mailing postprocessing script from BroControl.
    (Jon Siwek)

  * Log rotation is disabled when using the 'process' command to
    analyze trace files. (Jon Siwek)

  * Fixed 'scripts' command. (Jon Siwek)

  * Fixed inconsistent rotated-log naming. (Jon Siwek)

  * Changed the 'mail-log' postprocessor to mail alarm.log's. (Jon
    Siwek)

  * Fix Config.state key capitalization inconsistencies. (Jon Siwek)

  * Fixes for broctl 'check' command. Addresses #548. (Seth Hall and
    Jon Siwek)

  * Updated README. (Jon Siwek)

  * Copy bro binary only in NFS mode (fixes #361). (Jon Siwek)

  * Fix install command failing because of missing parent dirs. (Jon Siwek)

  * Removing the analysis.dat file since it's not used anymore. (Seth Hall)

  * Better informational output if attempt to remove old scripts
    before installing new ones failes. Addresses #470. (Craig Leres)

  * Updating log rotation support for the new logging rotation code.
    (Seth Hall)

  * Updates for cleanup and meshing with Bro reorg. (Seth Hall)

0.41-73 | 2011-08-13 12:14:28 -0700

  * Moving README*. into subdir doc. The top-level README is now
    auto-generated. (Robin Sommer)

0.41-68 | 2011-08-05 12:49:30 -0700

  * Install example config files dynamically when the distribution
    version differs from existing version on disk. (Jon Siwek)

0.41-63 | 2011-08-03 22:10:40 -0700

  * Revamped how the work is split between Bro and BroControl. Much of
    functionality previously found in BroControl policy scripts has
    moved over to Bro. (Seth Hall)

  * Adapted BroControl to Bro 2.0 policy scripts.

  * A new plugin interface allows external Python code to hook into
    BroControl processing. See README for more information. (Robin
    Sommer)

    Two example plugins are shipped: (1) "ps.bro" shows all Bro
    processes currently running on any cluster node, even if not
    managed by BroControl; (2) "TestPlugin" is a demo plugin
    demonstrating all the functionality a plugin can use (but doesn't
    do anything sensible with it).

  * A new offline mode for processing a trace. The new command
    "process <trace>" runs Bro offline on the given trace, using the
    current BroControl configuration. One can optionally give give
    further Bro command line options and scripts. In cluster mode the
    the Bro process loads both manager and worker configurations
    simultaniously.

    Addresses #273. (Robin Sommer)

  * Removed the "analysis" command. (Seth Hall)

  * Installation does no longer differentiate between standalone and
    cluster mode. node.cfg now fully controls this. (Seth Hall)

  * Tons of little fixes, improvements, and polishing (Seth Hall, Jon
    Siwek, and Robin Sommer)

0.41-9 | 2011-06-01 11:35:36 -0700

  * Standardize shell script hashbang on install. (Jon Siwek)

  * Fix binary package broctl-config.sh symlink installation
    regression. (Jon Siwek)

  * Changes to allow DEB packaging via CPack, addresses #458. (Jon Siwek)

  * Fixed a problem with the "update" command, which could delete data
    from many global state tables unintentionally. (Seth Hall)

0.41-2 | 2011-05-02 11:29:07 -0700

  * Symlink install scripted at install time for CMake 2.6
    compatibility. (Jon Siwek)

0.41 | 2011-04-07 21:14:53 -0700

  * Tweaks to the documentation generation. (Robin Sommer)

  * CMake tweaks. (Jon Siwek)

  * Bugfix: trace-summary sampled in standalone mode rather than cluster
    mode. (Robin Sommer)

  * Bugfix: Creating links from the log directory to the current log files
    didn't work in standalone mode. (Robin Sommer)

0.4-19 | 2011-01-31 15:26:48 -0800

  * A new option CompressLogs (default on), indicating whether
    archived logs are to be gzipped. (Robin Sommer)

  * A lot of configure/cmake/install/package tuning. (Jon Siwek)

  * Adding /sbin and /usr/sbin to path local-interfaces script
    searches for ifconfig. Closes #293. (Robin Sommer)

  * Fixing uncaught exception in lock file handling. (Seth Hall).

  * Making cluster event specifications redefinable. (Seth Hall).

  * Fixing for pretty printing numerical values. (Seth Hall).

  * Fixing "netstats" command distinction between cluster and
    standalone mode. (Justin Azoff)

0.4-10 | 2011-01-15 14:14:05 -0800

  * Changes for CPack binary packaging (Jon Siwek)

  * Fix package configuration macro returning from sub-project too early (Jon Siwek)

  * Add warning when building and installing are done by different users (Jon Siwek)

  * Changes to broctl's "make install" process (Jon Siwek)

    - Simplify install by not compiling python code.
    - The broctl-config.sh symlink needs to be made at configure time
      and install()'ed in order for CPack packaging to correctly bundle it
    - Reverted a change in (90ddc4d) to that caused spool/ and logs/
      directories to not be installed in the case that they existed at
      configure time.

  * Fix for PackageMaker not accepting non-numeric versions (Jon Siwek)

0.4-9 | 2011-01-12 08:51:11 -0800

  * Making df portably deal with long lines in the OS's df output.
    (Robin Sommer)

0.4-8 | 2011-01-04 20:30:41 -0800

  * Changing some installation paths. "broctl install" copied a
    number of files to share/bro/*, which violates the common
    assumption that things there are static. It can also create
    permission problems if the user running "broctl install" is not
    the one installing Bro. So now the pieces copied/generated by
    "broctl install" are moved to spool/*. (Robin Sommer)

  * The CMake install does no longer recreate some of the top-level
    directories when they already exist. That makes it possible to
    now symlink them somewhere else after the first install. (Robin
    Sommer)

  * When broctl doesn't find spool/broctl.dat it no longer aborts
    but just warns. That allows CMake to skip installing an empty
    one. (Robin Sommer)

  * Deleting an unused policy file. (Robin Sommer)

  * Updating update-changes script. (Robin Sommer)

0.4-5 | 2010-12-20 14:10:25 -0800 | 768a9e550c3554de2e0bf9e3af2ae99400203046

  * New helper script for maintaing CHANGES file. (Robin Sommer)

0.4-1 | 2010-12-20 12:03:34 -0800 | a05be1242b4e06dca1bb1a38ed871e7e2d78181b

  * Fix for dealing with large vsize values reported by "top" (Craig
    Leres)

  * Fixed the top helper script to assign the command variable
    appropriately. (Seth Hall)

  * Escape commands given to CMake's execute_process (Jon Siwek)

0.4 | Fri Dec 10 01:35:36 2010 -0800 | df922e8a64a631aadb485b5044fe9ae1046d47ca

- Moving BroControl to its own git repository.

- Converting README to reST format.

- Renamed "Capstats" config option to "CapstatsPath".

- Merge with Subversion repository as of r7098. Incorporated changes:

  o Increasing default timeouts for scan detector significantly.

  o Increasing the manager's max_remote_events_processed to
    something large, as it would slow down the process too much
    otherwise and there's no other work to be interleaved with it
    anyway.

  o Adding debug output to cluster's part of catch-and-release
    (extends the debugging already present in policy/debug.bro)

  o Fixing typo in util.py. Closes #223.

  o Added note to README pointing to HTML version.

  o Disabling print_hook for proxies' remote.log.

  o broctl's capstats now reports a total as well, and stats.log
    tracks these totals. Closes #160.

  o Avoiding spurious "waiting for lock" messages in cron mode.
    Closes #206.

  o Bug fixes for installation on NFS.

  o Bug fix for top command on FreeBSD 8.

  o crash-diag now checks whether gdb is available.

  o trace-summary reports the sample factor in use in its output,
    and now also applies it to the top-local-networks output (not
    doing the latter was a bug).

  o Removed the default twice-a-day rotation for conn.log. The
    default rotation for conn.log now is now once every 24h, just
    like for all other logs with the exception of mail.log (which is
    still rotated twice a day, and thus the alarms are still mailed
    out twice a day).

  o Fixed the problem of logs sometimes being filed into the wrong
    directory (see the (now gone) FAQ entry in the README).

  o One can now customize the archive naming scheme. See the
    corresponding FAQ entry in the README.

  o Cleaned up, and extended, collection of cluster statistics.

    ${logdir}/stats now looks like this:

      drwxr-xr-x   4 bro  wheel      59392 Apr  5 17:55 .
      drwxr-xr-x  96 bro  wheel       2560 Apr  6 12:00 ..
      -rw-r--r--   1 bro  wheel        576 Apr  6 16:40 meta.dat
      drwxr-xr-x   2 bro  wheel       2048 Apr  6 16:40 profiling
      -rw-r--r--   1 bro  wheel  771834825 Apr  6 16:40 stats.log
      drwxr-xr-x   2 bro  wheel       2048 Apr  6 16:25 www

    stats.log accumulates cluster statistics collected every time
    "cron" is called.

    - profiling/ keeps the nodes' prof.logs.

    - www/ keeps a subset of stats.log in CSV format for easy plotting.

    - meta.dat contains meta information about the current cluster
    state (in particular which nodes we have, and when the last
    stats update was done).

    Note that there is not Web setup yet to actually plot the data
    in www/.

  o BroControl now automatically maintains links inside today's log
    archive directory pointing to the current live version of the
    corresponding log file (if Bro is running). For example:

    smtp.log.11:52:18-current -> /usr/local/cluster/spool/manager/smtp.log

  o Alarms mailed out by BroControl now (1) have the notice msg in the
    subject; and (2) come with the full mail.log entry in the body.
