[Bro] Bro cluster requirements and manager logging backlog bug
Hovsep Levi
hovsep.sanjay.levi at gmail.com
Thu Dec 22 15:42:11 PST 2016
I can see a number of knobs that could make it happen but I don't know how
to go about scripting it. I think it would:
- disable logging to manager (done automatically by having a logger node)
- bypass the single logger limit
- configure each logger to have a writer::kafka
- disable other writers if necessary
- check if the local worker is part of the same node for the local logger (based on IP address I guess) and use that as a filter for the worker2logger events
Starting from bro_init(), I don't know how to do this or if it can be done
in conjunction with node.cfg or a custom-layout.bro.