[Bro-Dev] Broker cluster discovery and load balancing

[Hosom, Stephen M]

I've been working on an application that will fire a large volume of events into bro through broker. Basically, I want to fire events into Broker and load balance them across a pool of workers without the need for more than one worker to handle the same event.


I'm having difficulty determining the most right way to accomplish a couple tasks.


I have looked at the implementations of publish_hrw and publish_rr in bro. I could easily implement those features in my application if that is the recommended way to handle this issue.


Unfortunately, that leaves me with another unfortunate problem. I have been unsuccessful in determining how to 'discover' members of a Bro cluster via Broker. Is there a way to do discovery, or do I need to know who the cluster members are and what port they are listening on via a broctl configuration equivalent?