[Zeek] Request for Feedback - Zeek Process Supervision Model

Zander Work zander.work at oregonstate.edu
Tue Mar 19 08:31:23 PDT 2019 

This would be awesome to have, especially in a cluster environment. 
Testing new scripts before we push them to production is a bit 
challenging sometimes, so being able to reliably and repeatably test 
them in a clustered environment would be awesome.

Another thing that wasn't mentioned in the blog post that I want to make 
sure makes it into the new process is something like "broctl cron". It 
does a great job of restarting processes when they crash, but also 
monitoring disk usage and other potential issues for us, which is 
helpful in ensuring the stability of our cluster. I see the "revive 
zombie nodes" piece in the Google Doc, which covers the first bit, but 
other host-level monitoring/alerting components would be nice to see in 
the new process.

-Zander

On 3/18/19 6:55 PM, anthony kasza wrote:
> I'm excited to see this. I think it's a great design choice. This 
> sentence is my favorite, "We need to make it easy to test, from the 
> command-line, using just PCAP files, a complete cluster deployment 
> (scaled down) as it would work in production."
>
> I'm looking forward to it!
>
> -AK
>
> On Mon, Mar 18, 2019, 19:44 Jon Siwek <jsiwek at corelight.com 
> <mailto:jsiwek at corelight.com>> wrote:
>
>     I just published some design thoughts related to a major new Zeek
>     feature that's planned/upcoming: a process supervision model that may
>     act as an alternative (successor) to BroControl.  Find that here:
>
>     https://blog.zeek.org/2019/03/beyond-brocontrol-new-process.html
>
>     Feel free to use this mailing list / thread to provide feedback,
>     thanks.
>
>     - Jon
>     _______________________________________________
>     Zeek mailing list
>     zeek at zeek.org <mailto:zeek at zeek.org>
>     http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>
>
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190319/d75e7972/attachment-0001.html

More information about the Zeek mailing list