[Bro] logging to multiple locations in a cluster
Johanna Amann
johanna at icir.org
Fri Oct 14 08:02:54 PDT 2016
Yes, it is.
I think you only have to redef Log::enable_local_logging to true on the
workers (it is usually set to false when enabling cluster mode).
Johanna
On 14 Oct 2016, at 7:52, erik clark wrote:
> Is it possible to log to more than one location? I want my broctl to
> push a
> remote logger, AND log locally, for redundancy in case the remote
> logger
> dies.
>
> So, each capture node in the cluster should be instructed to log to
> that
> capture node, and copy across the wire to the logger node(s). If this
> is
> not possible, is there a way to perhaps sniff the outbound link and
> log
> that?
>
> Erik
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list