[Bro] logging to multiple locations in a cluster

erik clark philosnef at gmail.com
Fri Oct 14 08:19:53 PDT 2016


Yep, ok, can do. Thanks Johanna and Zeolla!

So redef in local-worker.bro?

On Fri, Oct 14, 2016 at 11:11 AM, Zeolla at GMail.com <zeolla at gmail.com> wrote:

> I'm not positive about your exact scenario, but I am currently logging to
> multiple locations.  For instance - to flat files, and to a kafka topic -
> but there is much more that I could be doing.  See the logging framework
> <https://www.bro.org/sphinx/scripts/base/frameworks/logging/main.bro.html>.
>
>
> Jon
>
> On Fri, Oct 14, 2016 at 10:59 AM erik clark <philosnef at gmail.com> wrote:
>
>> Is it possible to log to more than one location? I want my broctl to push
>> to a remote logger, AND log locally, for redundancy in case the remote logger
>> dies.
>>
>> So, each capture node in the cluster should be instructed to log to that
>> capture node, and copy across the wire to the logger node(s). If this is
>> not possible, is there a way to perhaps sniff the outbound link and log
>> that?
>>
>> Erik
>
> --
>
> Jon
>