[Bro] Multiple masters to ease the workload

Seth Hall seth at icir.org
Tue Jun 2 11:38:33 PDT 2015


> On Jun 2, 2015, at 10:29 AM, Close, Jason M. <close at ou.edu> wrote:
> 
> Our current configuration is showing a lot of heavy use by the master node.  We currently run around 6 worker nodes that feed data to the master, and while the master is keeping up in terms of CPU, it is consistently teetering on using all available RAM we can throw at it (128GB at the moment).

That’s indicating a problem.  I’m going to send you a script off-list that you can run and we’ll see if we can nail down what’s causing that.

> We could piece apart the subnets and create multiple Bro clusters.  But it would be nice to have a single cluster, and be able to continue to throw more workers and managers at it.  But I have not seen any documentation about configurations using multiple managers.  If that does exist, can someone point me in the right direction?

You can only run a single manager.

> But due to the taps we have in place, and the manpower availability, right now, spinning up a little more hardware would be a much easier and more economical investment of our time.

Unfortunately in this case you need to fix the problem and can’t really just throw more hardware at it.

  .Seht

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150602/3b25ae60/attachment.bin 


More information about the Bro mailing list