[Bro-Dev] broctld deployment model

Robin Sommer robin at icir.org
Tue Feb 3 15:26:27 PST 2015


Seth, Vlad, and I were discussing future deployment models for broctld
this morning, and I thought I'd capture some thoughts here for further
discussion and feedback:

    - we were thinking that eventually broctld should probably be
      running on *every* host with Bro processes, including workers.
      That way things get more consistent: each broctld will be in
      charge of the Bro processes on "its" host. When an upstream
      broctld wants to trigger some action somewhere else, rather than
      logging in and executing commands directly, it would instead
      talk to the corresponding broctld. That unifies communication
      between systems (in particular in the deep cluster setting) and
      will also make maintenance tasks, like monitoring and restarting
      Bro processes, much simpler and more responsive.

    - with that, we can then consider switching to a more standard
      model for installing daemons on hosts: rather than having a
      central node push everything out (including programs and
      binaries), people would install broctld locally on each host via
      the package system (or whatever), including init.d scripts etc.

    - we could also consider moving away from SSH as the primary
      communication mechanism if there are better alternatives.

All not really new, but I thought I'd write it down. Feedback welcome.

Robin

-- 
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin

