[Bro-Dev] cluster framework

Seth Hall seth at icir.org
Mon Jul 11 09:13:57 PDT 2011


I just realized that something isn't terribly obvious from the cluster framework.  I didn't give an example Cluster::nodes configuration anywhere, so here is one that I was testing things with.  It's likely fairly similar to the one that I will be using for the cluster tests when I manage to get those done.

redef Cluster::nodes = {
	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=47757/tcp, $workers=set("worker-1")],
	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=47758/tcp, $manager="manager-1", $workers=set("worker-1")],
	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=47759/tcp, $proxy="proxy-1", $manager="manager-1", $interface="en0"],
	["control"] = [$node_type=Cluster::CONTROL,   $ip=127.0.0.1, $p=47761/tcp],
	["time-machine"] = [$node_type=Cluster::TIME_MACHINE, $ip=127.0.0.1, $p=47762/tcp],
};

A couple of comments too...

- It uses this funny flat structure because deep structures are currently difficult and a bit messy in Bro scripts.  Unfortunately this leads to the less-than-optimal pointing with $workers, $proxy, and $manager but I think it's fairly inconsequential since most people will be autogenerating this with tools like broctl.

- I segmented the notion of the manager node and where "control" is performed from, which is usually done by processes using broccoli in the cluster context.  This should help with the future move to deep clustering where there may be multiple managers in clusters (maybe manager won't even be the correct term?).

- Time machine nodes were merged directly into the cluster configuration.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
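
Added example (not part of the original message, and not code from Bro or broctl): because the flat table links nodes by name through $workers, $proxy and $manager, a generator can emit dangling or one-sided references, and this sketch checks for them before the redef is written. The Python dict layout, the function name check_nodes and the string node types are assumptions; the field names and sample values are transcribed from the configuration in the message.

```python
# Which node type each by-name reference field must point at.
REF_TARGET = {"manager": "MANAGER", "proxy": "PROXY"}
# Which worker field must point back at a node that lists it in $workers.
BACK_FIELD = {"MANAGER": "manager", "PROXY": "proxy"}

def check_nodes(nodes):
    """Return a sorted list of problems found in a flat node table."""
    problems, seen = [], {}
    for name, n in nodes.items():
        # Two nodes on the same address cannot listen on the same port.
        key = (n["ip"], n["p"])
        if key in seen:
            problems.append(f"{name}: {n['ip']}:{n['p']} already used by {seen[key]}")
        seen.setdefault(key, name)
        # $manager / $proxy must name an existing node of the right type.
        for field, want in REF_TARGET.items():
            ref = n.get(field)
            if ref is None:
                continue
            if ref not in nodes:
                problems.append(f"{name}: ${field}={ref!r} is not a defined node")
            elif nodes[ref]["node_type"] != want:
                problems.append(f"{name}: ${field}={ref!r} is not a {want}")
            elif n["node_type"] == "WORKER" and name not in nodes[ref].get("workers", set()):
                problems.append(f"{name}: {ref} does not list it in $workers")
        # $workers must name existing WORKER nodes that point back here.
        back = BACK_FIELD.get(n["node_type"])
        for w in sorted(n.get("workers", set())):
            if w not in nodes or nodes[w]["node_type"] != "WORKER":
                problems.append(f"{name}: $workers entry {w!r} is not a WORKER node")
            elif back and nodes[w].get(back) != name:
                problems.append(f"{name}: worker {w} has ${back}={nodes[w].get(back)!r}")
    return sorted(problems)

# Constructed sample: the table from the message, transcribed as Python dicts.
SAMPLE = {
    "manager-1": {"node_type": "MANAGER", "ip": "127.0.0.1", "p": 47757,
                  "workers": {"worker-1"}},
    "proxy-1": {"node_type": "PROXY", "ip": "127.0.0.1", "p": 47758,
                "manager": "manager-1", "workers": {"worker-1"}},
    "worker-1": {"node_type": "WORKER", "ip": "127.0.0.1", "p": 47759,
                 "proxy": "proxy-1", "manager": "manager-1", "interface": "en0"},
    "control": {"node_type": "CONTROL", "ip": "127.0.0.1", "p": 47761},
    "time-machine": {"node_type": "TIME_MACHINE", "ip": "127.0.0.1", "p": 47762},
}
```

check_nodes(SAMPLE) returns an empty list for the table as posted; changing worker-1's proxy to an undefined name is reported from both ends of the link.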



