[Bro] Sending logs to remote public cloud entity
shasubra1 at gmail.com
Tue Feb 3 16:21:06 PST 2015
I am looking into setting up a Bro manager in AWS cloud, which will receive logs from
multiple Bro workers on premise. I then plan to take the logs received on the manager and
load them into my database on AWS. The Bro manager itself is merely to receive the logs
and does not generate logs of its own.
I read some documentation about Broccoli whereby I can configure an SSL tunnel by furnishing the manager
with a public cert, key and CA. I have not found much documentation or
discussion on this kind of setup usage.
I am wondering:
- is this the recommended approach to send logs to a remote public cloud entity?
  - the alternative is to send syslogs, but then I would need to set up stunnel or some other
    encrypted tunneling; instead I am hoping to leverage the Broccoli SSL tunneling functionality
- will the Bro manager scale to receive logs from multiple workers (like 10)?
  - I can work around this by running multiple Bro managers listening on different ports
- will the logs be written into the normal place on disk with the default writer?
Thanks in advance for your input.
Shankar