[Bro] logging to multiple locations in a cluster

Zeolla@GMail.com zeolla at gmail.com
Fri Oct 14 08:11:00 PDT 2016


I'm not positive about your exact scenario, but I am currently logging to
multiple locations.  For instance - to flat files, and to a kafka topic -
but there is much more that I could be doing.  See the logging framework
<https://www.bro.org/sphinx/scripts/base/frameworks/logging/main.bro.html>.


Jon

On Fri, Oct 14, 2016 at 10:59 AM erik clark <philosnef at gmail.com> wrote:

> Is it possible to log to more than one location? I want my broctl to push
> a remote logger, AND log locally, for redundancy in case the remote logger
> dies.
>
> So, each capture node in the cluster should be instructed to log to that
> capture node, and copy across the wire to the logger node(s). If this is
> not possible, is there a way to perhaps sniff the outbound link and log
> that?
>
> Erik

-- 

Jon
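
An added example, not part of the original thread: one way to keep a worker-local copy of a log stream alongside the copy sent to the logger, using a second filter from the logging framework linked above. It assumes a Bro 2.x cluster where workers use the default remote-only logging; the filter name and path are constructed.

```bro
# Added example (not from the thread). Load from local.bro on a Bro 2.x cluster.
# Assumption: workers run with the cluster defaults, so their default filters
# forward log records to the manager/logger and write nothing locally.

event bro_init()
	{
	# Only workers need the extra copy; the manager/logger already writes to disk.
	if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::WORKER )
		return;

	# Second filter on the conn stream: the same records, written by the
	# ASCII writer on this node and not forwarded to the remote logger.
	# "conn-local-copy" and "conn_local" are constructed names.
	local f: Log::Filter = [
		$name = "conn-local-copy",
		$path = "conn_local",
		$writer = Log::WRITER_ASCII,
		$log_local = T,
		$log_remote = F
	];

	Log::add_filter(Conn::LOG, f);
	}
```

The default filter on `Conn::LOG` is left in place, so the stream still reaches the logger; repeat the `Log::add_filter` call for each stream that needs a local copy.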