[Bro] logging to multiple locations in a cluster
johanna at icir.org
Fri Oct 14 08:02:54 PDT 2016
Yes, it is.
I think you only have to redef Log::enable_local_logging to true on the
workers (it is usually set to false when enabling cluster mode).
On 14 Oct 2016, at 7:52, erik clark wrote:
> Is it possible to log to more than one location? I want my broctl to
> push a
> remote logger, AND log locally, for redundancy in case the remote
> So, each capture node in the cluster should be instructed to log to
> capture node, and copy across the wire to the logger node(s). If this
> not possible, is there a way to perhaps sniff the outbound link and
> Bro mailing list
> bro at bro-ids.org
More information about the Bro