[Bro] Bro cluster requirements and manager logging backlog bug
hovsep.sanjay.levi at gmail.com
Thu Dec 22 15:42:11 PST 2016
I can see a number of knobs that could make it happen but I don't know how
to go about scripting it. I think it would:
- disable logging to manager (done automatically by having a logger node)
- bypass the single logger limit
- configure each logger to have a writer::kafka
- disable other writers if necessary
- check if the local worker is part of the same node for the local logger
(based on IP address I guess) and use that as a filter for the
Starting from bro_init () I don't know how to do this or if it can be done
in conjunction with node.cfg or a custom-layout.bro.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro