[Bro] bro cluster in containers

Poore, Jeffrey S jeffrey.s.poore at bankofamerica.com
Fri Jun 1 07:04:12 PDT 2018


> I've been meaning to try to build this out using k8s, just haven't had time.

We do plan to migrate to k8s at some point. In fact, I'd prefer doing it that way. The reason we are using Mesos is that it was chosen by two of the original developers before I joined the project. They were not so much focused on the containers part of it as they were on hosting MapR.

> To really be useful you also need to automate the configuration of the tapagg layer.

Can you elaborate on what that means? :)

> Right now it would break because of how this is written:
> ...
> but I'm sure you could have a variation of that function that doesn't care if the node is unexpected.

Can you override event handlers in Bro for a core function like that? Presumably I could also just have a thing to add the node in before it gets there?

> k8s and Mesos should just do that for you, but what environment are you running in where that would be useful?

Well, I was just thinking more from the standpoint of discovering the nodes. You are right, ZooKeeper wouldn't really be needed because I can get all the info about the nodes from Mesos itself. I actually came up with an idea of running my own little service that monitors what nodes are running and makes sure the master config is up to date. If anyone has done that before, I would be interested in talking to you.

As for environment, we are feeding in large volumes of network traffic from some Gigamons for further analysis by our data scientists. We feel that Bro will give us the flexibility we need and will also help in categorizing the data when it comes in the door, not to mention simply giving us some additional checking through feeds like Critical Stack.

