[Bro] bro cluster in containers

Azoff, Justin S jazoff at illinois.edu
Mon Jun 4 08:26:57 PDT 2018


> On Jun 4, 2018, at 11:06 AM, Poore, Jeffrey S <jeffrey.s.poore at bankofamerica.com> wrote:
> 
> 
> Well, I understand the orchestration is taking care of keeping all the instances up, but there is some communication between them, and so they have to know where to send the packets. That’s why things like Mesos use Zookeeper. I didn’t know if Bro clusters had something similar. I have an idea about how to write my own if it comes to that (and I’m pretty sure that when I actually start clustering things, I’ll understand what to do better).

I don't know anything about mesos, but k8s provides internal cluster dns based service discovery. You would just point all the workers at "logger" and it will do the right thing.

There's probably a whole bunch of corner cases and minor issues that would come up if you actually tried to build this out, but nothing that should prevent it from working.

I've been meaning to try setting it up, just haven't had time.

— 
Justin Azoff




More information about the Bro mailing list