[Zeek] Request for Feedback - Zeek Process Supervision Model

James Lay jlay at slave-tothe-box.net
Tue Mar 19 13:16:23 PDT 2019


High resource usage of broctrl prevents me from running it at home...so
hopefully that can be improved upon.

James

On 2019-03-19 09:31, Zander Work wrote: 

> This would be awesome to have, especially in a cluster environment.
> Testing new scripts before we push them to production is a bit
> challenging sometimes, so being able to reliably and repeatably test
> them in a clustered environment would be awesome.
> Another thing that wasn't mentioned in the blog post that I want to
> make sure makes it into the new process is something like "broctl
> cron". It does a great job of restarting processes when they crash,
> but also monitoring disk usage and other potential issues for us,
> which is helpful in ensuring the stability of our cluster. I see the
> "revive zombie nodes" piece in the Google Doc, which covers the first
> bit, but other host-level monitoring/alerting components would be nice
> to see in the new process. 
> 
> -Zander
> 
> On 3/18/19 6:55 PM, anthony kasza wrote:
> 
> I'm excited to see this. I think it's a great design choice. This
> sentence is my favorite, "We need to make it easy to test, from the
> command-line, using just PCAP files, a complete cluster deployment
> (scaled down) as it would work in production."
> 
> I'm looking forward to it!
> 
> -AK
> 
> On Mon, Mar 18, 2019, 19:44 Jon Siwek <jsiwek at corelight.com> wrote:
> 
> I just published some design thoughts related to a major new Zeek
> feature that's planned/upcoming: a process supervision model that may
> act as an alternative (successor) to BroControl.  Find that here:
> 
> https://blog.zeek.org/2019/03/beyond-brocontrol-new-process.html
> 
> Feel free to use this mailing list / thread to provide feedback,
> thanks.
> 
> - Jon
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek 