[Bro] deep cluster documentation & status

erik clark philosnef at gmail.com
Thu Dec 15 07:01:44 PST 2016


Is there any additional documentation on the deep cluster as noted here:

https://www.bro.org/development/projects/deep-cluster.html

I would like to contribute to this, but the status of this project is
unclear from the documentation, and there are some requirements that need
to be laid out in Bro itself to make this work, such as logging the
hostname associated with a given worker node in every log file in order to
track node health.

The @stats option gives you incremental information for all node types,
BUT, that is all it does. Determining from incremental counters when Bro
fails or loses capture through a network connectivity issue becomes
impossible when all the data in the logger node is intermingled. Having the
hostname in all the logs means you can simply track the event count rate
(non-incremental) in your visualization tool of choice, like ELK or Splunk.
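As an added illustration (not code from the original post or from the Bro project itself) of the per-node tagging the message asks for, the script below stamps every record of every log stream with the name of the node that wrote it. It assumes Bro 2.5's log-extension hook, `Log::default_ext_func`, and assumes that BroControl sets the global `peer_description` to the cluster node name, as it does when it launches workers; the module name `NodeTag` and the function name `add_node_tag` are this example's own choices.

```bro
##! Added example: append the producing node's name to every log record so
##! that per-node record rates can be tracked in a downstream tool.
##! Assumes Bro 2.5's Log::default_ext_func hook and that peer_description
##! holds the cluster node name (set by BroControl for each node).

module NodeTag;

export {
	## Fields appended to every record of every log stream.
	type Extension: record {
		## Wall-clock time at which the record was written.
		write_ts: time &log;
		## The log stream path the record belongs to (e.g. "conn", "dns").
		stream: string &log;
		## Name of the worker/manager/logger that produced the record.
		node: string &log;
	};
}

## Called by the logging framework for each written record. The returned
## record's fields are added to the log line, prefixed with
## Log::default_ext_prefix ("_" by default), so they appear as
## _write_ts, _stream and _node.
function add_node_tag(path: string): Extension
	{
	return Extension($write_ts = network_time(),
	                 $stream   = path,
	                 $node     = peer_description);
	}

redef Log::default_ext_func = add_node_tag;
```

With the `_node` field present on every line, a dashboard can count records per node per interval: a worker whose `conn` record rate drops to zero while its peers keep logging is one that has lost capture or connectivity, which is exactly what the intermingled logger output hides today.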