[Bro] log streams in a bro cluster

Seth Hall seth at icir.org
Mon Jun 13 07:57:44 PDT 2016


> On Jun 10, 2016, at 4:41 AM, Luis Martin Liras <martin.liras at gmail.com> wrote:
> 
> but... in this case... what is local-worker.bro for?. I understood that local-worker is what you are running in the workers... Actually the linux process still uses local-worker.bro (which is empty...):]

We've considered getting rid of those extra files.  You have to understand the entire architecture too much to understand why they are there.  We ended up going in a direction where the distinctions between the types of processes are hidden from users because it can be too difficult to know when to use those different files.

The rule of thumb is to just put everything into local.bro or your own scripts that you load in local.bro.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/




More information about the Bro mailing list