[Zeek] Question regarding distributed clustering with Zeek!

fatema bannatwala fatema.bannatwala at gmail.com
Tue Jan 22 09:03:01 PST 2019


Hi All,

Currently we are monitoring the north-south traffic using a Zeek cluster
(with a manager/logger system and 4 dedicated systems running as workers),
and recently we managed to get approval for monitoring some of the east-west
traffic with Zeek as well (Yay).
And we want the logs corresponding to the internal (east-west) traffic
monitoring to be logged separately from the logs of north-south traffic
(current Zeek deployment).
Therefore, I wanted to ask if multiple managers (two potentially) can be set up
on a single system for two separate Zeek clusters (internal and external)?

Or does Zeek yet support distributed clustering?

Any thoughts? Or a better way to achieve the same?

Thanks,
Fatema.