[Zeek-Dev] Zeek Supervisor Command-Line Client
Robin Sommer
robin at corelight.com
Wed Jul 1 02:02:08 PDT 2020
On Tue, Jun 30, 2020 at 14:29 -0700, Jon Siwek wrote:
> Maybe the important observation is that the logic can be performed
> anywhere that has access to the Zeek-Supervisor process.
Agree.
> So where we put the logic at this point may not be important. If we
> can find a single-best-place for the logic to live, that's great
I believe that's what Seth is arguing for: have a Zeek-side script be
the single point of that logic, rather than implement it multiple
times and/or outside of Zeek.
I can see doing that in Zeek but I think there's a trade-off here: if
we want to do the singe-place approach with a multi-system setup, we'd
need an authoritative place to run this logic and hence depend on
*that* Zeek supervisor being up and running for performing the
operation. That may be a reasonably assumption (say if we dedicated
the supervisor running the manager to also be the cluster
coordinator), but it's different from a world where the client can
execute higher-level operations on its own.
Robin
--
Robin Sommer * Corelight, Inc. * robin at corelight.com * www.corelight.com
More information about the Zeek-Dev
mailing list