[Bro-Dev] Broker data store use case and questions
Jon Siwek
jsiwek at corelight.com
Mon May 14 07:43:15 PDT 2018
On 5/11/18 6:33 PM, Michael Dopheide wrote:
> First, can Cluster::default_master_node be changed to default to the
> name of the current manager node rather than specifying the name as
> 'manager'?
Maybe. I'll try having broctl communicate that to Bro via a new
environment variable.
> Easy to redef to the manager's name, but less easy when you
> use the same code base on multiple clusters with different names.
If you don't want to wait for me to try the above fix, you could also
try redef'ing it yourself with a call to getenv(), using an environment
variable whose value you can set differently for each cluster.
> Second, when during startup should Bro know that it's persistent stores
> exist via Cluster::stores() ? It appears bro_init may be too soon, but
> I'm still playing.
The comments for the Cluster::stores table may help in case you missed
it -- Cluster::create_store() is intended to be called in bro_init() and
will end up populating Cluster::stores. Though, you can pre-populate
and customize the Cluster::stores table via a redef and those will all
automatically get picked up when during the Cluster::create_store() process.
> Also, it'd be nice if the persistence of built-in
> stores (like known/hosts, known/certs, etc) were redef-able.
It should be possible like putting this in local.bro:
redef Cluster::stores += {
[Known::host_store_name] = Cluster::StoreInfo($backend =
Broker::SQLITE)
};
- Jon
More information about the bro-dev
mailing list