[Bro] Bro cluster questions, round 2

Dop dopheide at ncsa.illinois.edu
Fri Feb 4 09:02:17 PST 2011


Unrelated to notification, I have a couple more Bro clustering questions.

1) A couple more months from now, asymmetric routing is going to be a real
problem for us.  My plan is to correlate possible_split_routing alerts to
identify those situations.  Other than writing an external script to
process the logs on the manager node, can the manager do this within Bro?
Essentially it would have to process an event based on an event handed to
it from the worker nodes.  I guess this is a more general question: can
the manager programmatically respond to things seen by various workers
that the workers themselves can't see as a whole?

2) It's probably too early to ask as we're just beginning to think about
this, but is it possible to distribute a Time Machine setup across all the
Bro workers?  

-Dop




