[Zeek] Manager, Proxy and Worker all logging the same notice to notice.log
Justin Azoff
justin at corelight.com
Thu Dec 26 14:01:52 PST 2019
What is the notice? What does your node.cfg look like?
On Thu, Dec 26, 2019 at 3:44 PM Denny Sabu <Denny.Sabu at sensato.co> wrote:
> Hello,
>
> I have a clustered deployment of Zeek (v3.0.0) consisting of a manager, a
> proxy and 16 workers. In notice.log, I see 3 notices for what appears to be
> a single event. The 3 notices have the same ts, source, destination, IPs,
> ports, fuids, notes, and msgs but the uid is different for all 3 notices.
> In addition the 'peer_descr' value is different for each, with one being
> the manager, one the proxy and one the worker.
>
> Any help/guidance on the matter would be greatly appreciated.
>
> Best,
>
> Denny Sabu
> *Software Engineer*
> *Sensato*
> www.sensato.co
> <https://www.facebook.com/SensatoTeam/>
> <https://twitter.com/sensatocybersec>
> <https://www.linkedin.com/company/15231342/>
--
Justin