[Bro] About Bro Cluster Configuration
Cristian Daniel Barbaro
cbarbaro at cert.unlp.edu.ar
Tue Mar 1 04:06:38 PST 2016
Perfect. I'll try it.
Thanks.
El 29/02/16 a las 16:07, Vlad Grigorescu escribió:
> Yes, this should be fine. The standard architecture is meant to
> provide load-balancing for monitoring points that are too large for a
> single system to monitor (> 4-5 Gbps with modern, beefy hardware). As
> long as each Bro worker is seeing both the upflow and downflow of each
> connection it sees, the cluster doesn't care about which worker sees
> which subset of the overall traffic.
>
> --Vlad
>
> Cristian Daniel Barbaro <cbarbaro at cert.unlp.edu.ar> writes:
>
>> Hello, I have a question about Bro Cluster architecture. By default, the
>> cluster architecture has a frontend listening to a �high-speed link;
>> �spliting traffic to each worker and to finally all workers information
>> be administered by a manager using a proxy, etc.
>>
>> What we want to do is to have several workers analysing different
>> networks segments and that each of those workers communicate with a
>> manager, who will be responsible for managing all information and of
>> course, enabling a centralized administration of workers configuration.
>>
>> Is it possible to do this?
>>
>> Thanks and regards.
>>
>> --
>> Cristian Daniel Barbaro
>> CERTUNLP
>> --
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
--
Cristian Daniel Barbaro
CERTUNLP
--
More information about the Bro
mailing list