[Bro-Dev] Final Broker branch testing
Azoff, Justin S
jazoff at illinois.edu
Fri Apr 27 08:35:56 PDT 2018
> On Apr 26, 2018, at 4:25 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:
> Other than that things are working great. Cluster::publish_hrw is distributing data across proxies perfectly:
> # for x in 1 2 3; do broctl print Scan::attacks proxy-$x|grep attempts= -c;done
> # cat /bro/logs/current/notice.log |bro-cut note peer_descr|grep Scan::|cut -f 2|sort|uniq -c
> 454 proxy-1
> 463 proxy-2
> 417 proxy-3
> Once this is stable for a bit I'll start trying things like killing a proxy and verifying that things fail over.
I tested this and it works great! I killed proxy-3, and cluster.log immediately logged it as 'node down'.
The publish_hrw sent the new data to proxy 1 and 2, and when proxy 3 was restarted it rejoined and started receiving data again.
The next step is 2+ managers and 2+ loggers and we can finally have a Bro cluster with no SPOF :)
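
The failover behaviour reported above is what highest-random-weight (rendezvous) hashing, the "hrw" in Cluster::publish_hrw, is designed to give: when a node drops out only its keys move, and they return when it rejoins. The sketch below is an added example, not part of the original message and not Bro's implementation; the SHA-256 weight function, the helper names and the 10.0.x.y keys are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter

PROXIES = ["proxy-1", "proxy-2", "proxy-3"]
# Constructed sample keys standing in for scanner source addresses.
KEYS = [f"10.0.{i // 250}.{i % 250 + 1}" for i in range(1500)]


def hrw_owner(key, nodes):
    """Pick the node whose hash(node, key) weight is highest (rendezvous hashing)."""
    def weight(node):
        # Assumed weight function; any well-mixed hash of (node, key) works.
        digest = hashlib.sha256(f"{node}|{key}".encode()).digest()
        return int.from_bytes(digest[:8], "big")
    return max(nodes, key=weight)


def assign(keys, nodes):
    """Map every key to its owner among the nodes that are currently alive."""
    return {k: hrw_owner(k, nodes) for k in keys}


def moved(before, after):
    """Keys whose owner differs between two assignments."""
    return {k for k in before if before[k] != after[k]}


def failover_demo():
    """Assignments with all proxies up, with proxy-3 down, and after it rejoins."""
    all_up = assign(KEYS, PROXIES)
    degraded = assign(KEYS, [p for p in PROXIES if p != "proxy-3"])
    recovered = assign(KEYS, PROXIES)
    return all_up, degraded, recovered


if __name__ == "__main__":
    all_up, degraded, recovered = failover_demo()
    print("all up:      ", dict(Counter(all_up.values())))
    print("proxy-3 down:", dict(Counter(degraded.values())))
    orphaned = {k for k, owner in all_up.items() if owner == "proxy-3"}
    # Only keys that proxy-3 owned are re-homed; proxy-1/proxy-2 keys stay put.
    print("re-homed keys == proxy-3's keys:", moved(all_up, degraded) == orphaned)
    # After the rejoin every key is back on its original owner.
    print("restored after rejoin:", recovered == all_up)
```

Because an owner is chosen per key from whichever nodes are alive, state that lived only on the failed proxy is not carried over; the surviving proxies start fresh for the re-homed keys.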