[Bro] specific logging per worker
Johanna Amann
johanna at icir.org
Tue Jan 3 02:48:23 PST 2017
On Fri, Dec 16, 2016 at 02:09:09PM +1100, John Edwards wrote:
> Hi all,
>
> If I have a cluster that contains 2 workers among a proxy and logger etc,
> Worker 1 watches and logs everything, is there a way I can tell worker 2 to
> only log a specific protocol and not watch everything the Worker 1?
You can add worker-specific configuration to local.bro using the @if
directive.
For example something like...
@if ( Cluster::node == "worker-1" )
# things here will only be executed on node named worker-1
@endif
That being said - why exactly do you want to do that? In a traditional
cluster setting, the traffic is split evenly among the workers and you
typically want everyone to perform exactly the same actions.
Johanna
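
Added example (not part of the original message and not code from the Bro project): one way to use the @if block from the reply so that a single worker writes only one protocol log. The node name "worker-2" (as it would appear in node.cfg) and the choice of DNS as the protocol to keep are assumptions. This only limits what that worker logs; the analyzers still run on whatever share of traffic the worker receives.

```bro
# local.bro
# Assumed: a node named "worker-2" exists in node.cfg and dns.log is the
# only log that node should produce. Other nodes are unaffected.

@if ( Cluster::is_enabled() && Cluster::node == "worker-2" )

# Run late so that streams created by other scripts in bro_init
# already exist when we walk the table.
event bro_init() &priority=-10
	{
	# Log::disable_stream() modifies Log::active_streams, so collect
	# the IDs first instead of disabling while iterating the table.
	local to_disable: set[Log::ID] = set();

	for ( id in Log::active_streams )
		{
		if ( id != DNS::LOG )
			add to_disable[id];
		}

	for ( d in to_disable )
		Log::disable_stream(d);
	}

@endif
```

Because the load balancer in front of the workers decides which flows each one sees, dns.log entries for flows assigned to this node are still written, while every other log type for those same flows is dropped.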