[Zeek] Question regarding distributed clustering with Zeek!

Jon Siwek jsiwek at corelight.com
Tue Jan 22 11:49:06 PST 2019


On Tue, Jan 22, 2019 at 11:20 AM fatema bannatwala
<fatema.bannatwala at gmail.com> wrote:

> Therefore wanted to ask if multiple managers (two potentially) can be set up on a single system for two separate Zeek clusters (internal and external)?
>
> Or does Zeek yet support distributed clustering?

Don't think it's that sophisticated at the moment.  You might get what
you want if a single Bro/BroControl install had the ability to let a
user dynamically choose which config file to use and then you can set
up two different cluster configs on the same system (it's probably not
too difficult to patch/hack in if you are desperate).  Otherwise, I
imagine a crude, but working solution is to have two installations on
the same system using a different --prefix: they'd then have different
config files and log dirs by default.  There's also the matter of
setting BroPort in each broctl.cfg far enough away from each other
such that there are no port conflicts.

- Jon
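
The port-spacing point in the reply above, as an added example that is not part of the original message or of BroControl itself: a check that two installs' BroPort ranges do not collide. It assumes BroControl gives each Bro process one consecutive port starting at BroPort, and that a worker with lb_procs=N runs N processes; the config text and the /opt/bro-internal path are constructed samples.

```python
import configparser

DEFAULT_BROPORT = 47760  # BroControl default when broctl.cfg does not set BroPort

def broport(broctl_cfg: str) -> int:
    """Return BroPort from broctl.cfg text (sectionless 'key = value' lines)."""
    port = DEFAULT_BROPORT
    for line in broctl_cfg.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep and key.strip().lower() == "broport":
            port = int(value.strip())
    return port

def process_count(node_cfg: str) -> int:
    """Count Bro processes in node.cfg text; lb_procs=N counts as N processes."""
    parser = configparser.ConfigParser()
    parser.read_string(node_cfg)
    return sum(parser.getint(name, "lb_procs", fallback=1)
               for name in parser.sections())

def port_span(broctl_cfg: str, node_cfg: str) -> range:
    """Ports one install occupies, under the consecutive-assignment assumption."""
    start = broport(broctl_cfg)
    return range(start, start + process_count(node_cfg))

def conflicts(span_a: range, span_b: range) -> list:
    """Ports claimed by both installs; an empty list means no overlap."""
    return sorted(set(span_a) & set(span_b))

# Constructed sample configs for two installs built with different --prefix values.
INTERNAL_BROCTL = "LogDir = /opt/bro-internal/logs\nBroPort = 47760\n"
EXTERNAL_BROCTL_BAD = "BroPort = 47763   # too close to the internal install\n"
EXTERNAL_BROCTL_OK = "BroPort = 48760\n"
NODE_CFG = """
[manager]
type=manager
host=localhost
[proxy-1]
type=proxy
host=localhost
[worker-1]
type=worker
host=localhost
interface=eth0
lb_procs=4
"""

if __name__ == "__main__":
    internal = port_span(INTERNAL_BROCTL, NODE_CFG)
    for label, cfg in (("bad", EXTERNAL_BROCTL_BAD), ("ok", EXTERNAL_BROCTL_OK)):
        print(label, conflicts(internal, port_span(cfg, NODE_CFG)))
```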

