[Zeek] cluster configuration hot update

Jon Siwek jsiwek at corelight.com
Fri May 3 08:48:41 PDT 2019


On Fri, May 3, 2019 at 1:01 AM Palumbo Mauro <mauro.palumbo at aizoon.it> wrote:

> As far as I understand, I can update the node.cfg file, for example with new workers, and run the deploy command in broctl to update the configuration. But this will stop and restart the workers for a short time. Is there a way to avoid it? I had a look into the cluster framework and other parts of zeek’s code, but it doesn’t seem so easy to me.

A dynamically changing cluster is theoretically possible, but not
something I know any tricks to get working now -- it's likely some
effort to hack that feature in or else try to roll your own cluster
config that uses the underlying Broker framework to set up connections
instead of the default cluster/broctl frameworks.

- Jon



More information about the Zeek mailing list