[Bro] About Bro Cluster Configuration
Vlad Grigorescu
vladg at illinois.edu
Mon Feb 29 11:07:52 PST 2016
Yes, this should be fine. The standard architecture is meant to
provide load-balancing for monitoring points that are too large for a
single system to monitor (> 4-5 Gbps with modern, beefy hardware). As
long as each Bro worker is seeing both the upflow and downflow of each
connection it sees, the cluster doesn't care about which worker sees
which subset of the overall traffic.
--Vlad
Cristian Daniel Barbaro <cbarbaro at cert.unlp.edu.ar> writes:
> Hello, I have a question about Bro Cluster architecture. By default, the
> cluster architecture has a frontend listening to a �high-speed link;
> �spliting traffic to each worker and to finally all workers information
> be administered by a manager using a proxy, etc.
>
> What we want to do is to have several workers analysing different
> networks segments and that each of those workers communicate with a
> manager, who will be responsible for managing all information and of
> course, enabling a centralized administration of workers configuration.
>
> Is it possible to do this?
>
> Thanks and regards.
>
> --
> Cristian Daniel Barbaro
> CERTUNLP
> --
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 800 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160229/2c978406/attachment.bin
More information about the Bro
mailing list