[Bro] one bro manager, multiple node.cfgs
Johanna Amann
johanna at icir.org
Wed Dec 7 12:37:14 PST 2016
Sorry, no, it is currently not. There have been plans for clusters with
more complex hierarchies for a while, but that is not done yet.
If you really just need to mark the source of data, you always could add a
column to each logfile that shows which worker node it originated from.
Johanna
On Wed, Dec 07, 2016 at 08:32:10AM -0500, erik clark wrote:
> Is it possible to push multiple node.cfgs out to separate clusters from one
> manager? I want to have different loggers for different sets of hosts in
> different clusters, and having one manager for each set of hosts in each
> cluster would be ideal. E.g.:
>
> cluster 1
> proxy 1
> worker 1
> proxy 2
> worker 2
> logger 1
>
> cluster 2
> proxy 1
> worker 1
> proxy 2
> worker 2
> logger 2
>
> This would be with a single manager. The reason for this is because I would
> be managing hosts in different clusters with vastly different
> traffic/traffic profiles, and I don't want to comingle it on a single
> logger. If they log separately, then I can winnow out what traffic came
> from which tap.
>
> Thanks!
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list