[Zeek] Question regarding distributed clustering with Zeek!

Hovsep Levi hovsep.sanjay.levi at gmail.com
Tue Jan 22 12:42:26 PST 2019


I'd approach it by modifying the logging system.  With a little work you
could tag workers in node.cfg with "logging=north-south" or
"logging=east-west" and then modify the bro logging script to decide where
incoming logs should go based on that tag.

-L

On Tue, Jan 22, 2019 at 5:20 PM fatema bannatwala <
fatema.bannatwala at gmail.com> wrote:

> Hi All,
>
> Currently we are monitoring the north-south traffic using a Zeek cluster
> (with a manager/logger system and 4 dedicated systems running as workers),
> and recently we managed to get approval for monitoring some of the east-west
> traffic with Zeek as well (Yay).
> We want the logs corresponding to the internal (east-west) traffic
> monitoring to be logged separately from the logs of the north-south traffic
> (current Zeek deployment).
> Therefore I wanted to ask whether multiple managers (two, potentially) can be
> set up on a single system for two separate Zeek clusters (internal and
> external)?
>
> Or does Zeek yet support distributed clustering?
>
> Any thoughts, or a better way to achieve the same?
>
> Thanks,
> Fatema.
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
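One way to implement the per-worker tagging Hovsep suggests, as an added example that is not part of the thread or of Zeek's own scripts. The variable name ZEEK_LOG_TAG, the module name and the node addresses are made up for the example; it assumes zeekctl's `env_vars` node.cfg key and that log filters (including `path_func`) run on the worker that calls `Log::write`, before the record is forwarded to the logger.

```zeek
##! Added example: route each worker's logs under a per-worker name prefix so
##! east-west and north-south records end up in separate log files.
##!
##! Assumed node.cfg entries (env_vars sets the variable for that node only):
##!   [worker-1]
##!   type=worker
##!   host=10.0.0.11          # constructed address
##!   interface=eth1
##!   env_vars=ZEEK_LOG_TAG=north-south
##!
##!   [worker-3]
##!   type=worker
##!   host=10.0.0.13          # constructed address
##!   interface=eth2
##!   env_vars=ZEEK_LOG_TAG=east-west
##!
##! ZEEK_LOG_TAG is a name chosen for this example, not a Zeek setting.

module TaggedLogs;

export {
    ## Tag read once from this node's environment; empty when unset.
    const tag = getenv("ZEEK_LOG_TAG") &redef;
}

## Prefix the stream's default path with the tag, e.g. "east-west-conn",
## which zeekctl then rotates and archives as east-west-conn.log.
function tag_path(id: Log::ID, path: string, rec: any): string
    {
    if ( tag == "" )
        return path;              # untagged nodes keep the normal layout
    return fmt("%s-%s", tag, path);
    }

event zeek_init() &priority=-10
    {
    # Only workers capture traffic; leave manager/logger/proxy logs alone.
    if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::WORKER )
        return;

    # Streams are created at higher priority, so all are registered by now.
    for ( id in Log::active_streams )
        {
        local f = Log::get_filter(id, "default");
        if ( f$name == Log::no_filter$name )
            next;                 # stream has no default filter
        f$path_func = tag_path;
        Log::add_filter(id, f);   # same name, so this replaces the default filter
        }
    }
```

Because the tag is applied on the worker, one manager/logger pair can keep serving both traffic sets while a mis-tagged or untagged worker is easy to spot by the file names it produces.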