[Zeek] Request for Feedback - Zeek Process Supervision Model

Samuel Oehlert soehlert at es.net
Tue Mar 19 13:06:31 PDT 2019


Personally, I think it would be poor design to rebuild host OS monitoring
inside the Zeek supervisor. I think that should be left up to the many
other projects specifically designed to monitor disk usage, etc. That being
said, exposing some metrics about Zeek the application layer sounds like it
would be a win. That being said, that might be outside the scope of a
supervisor as well.

Overall, I'm in agreement with what I'm reading in these responses as well as
the design docs. I think this is much needed and I'm glad it is getting the
focus it deserves.

- Sam

On Tue, Mar 19, 2019 at 10:58 AM Zander Work <zander.work at oregonstate.edu>
wrote:

> This would be awesome to have, especially in a cluster environment.
> Testing new scripts before we push them to production is a bit challenging
> sometimes, so being able to reliably and repeatably test them in a
> clustered environment would be awesome.
> Another thing that wasn't mentioned in the blog post that I want to make
> sure makes it into the new process is something like "broctl cron". It does
> a great job of restarting processes when they crash, but also monitoring
> disk usage and other potential issues for us, which is helpful in ensuring
> the stability of our cluster. I see the "revive zombie nodes" piece in the
> Google Doc, which covers the first bit, but other host-level
> monitoring/alerting components would be nice to see in the new process.
>
> -Zander
>
>
> On 3/18/19 6:55 PM, anthony kasza wrote:
>
> I'm excited to see this. I think it's a great design choice. This sentence
> is my favorite, "We need to make it easy to test, from the command-line,
> using just PCAP files, a complete cluster deployment (scaled down) as it
> would work in production."
>
> I'm looking forward to it!
>
> -AK
>
> On Mon, Mar 18, 2019, 19:44 Jon Siwek <jsiwek at corelight.com> wrote:
>
>> I just published some design thoughts related to a major new Zeek
>> feature that's planned/upcoming: a process supervision model that may
>> act as an alternative (successor) to BroControl.  Find that here:
>>
>> https://blog.zeek.org/2019/03/beyond-brocontrol-new-process.html
>>
>> Feel free to use this mailing list / thread to provide feedback, thanks.
>>
>> - Jon
>> _______________________________________________
>> Zeek mailing list
>> zeek at zeek.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>>
>