[Zeek] logger in a Zeek's cluster

Robin Sommer robin at corelight.com
Fri May 17 07:24:34 PDT 2019


On Fri, May 17, 2019 at 13:36 +0000, Palumbo Mauro wrote:

> The logger too does receive only a few events from the other nodes
> using the cluster/broker frameworks, but not those related to logging.
> How does it get the logging data from the workers?

Logging doesn't go through events; it's communicated separately over
Broker through dedicated log messages. You can get statistics for that
through the get_broker_state() function [1]. The returned BrokerStats
record has fields num_logs_incoming and num_logs_outgoing.

Robin

[1] https://docs.zeek.org/en/latest/scripts/base/bif/stats.bif.zeek.html#id-get_broker_stats

-- 
Robin Sommer * Corelight, Inc. * robin at corelight.com * www.corelight.com
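
Added example (not part of the original message): a Zeek script that samples the Broker counters mentioned above on every node and reports how many log messages were received and sent since the previous sample. It calls get_broker_stats(), the name used in link [1]; the event name log_flow_sample, the 30-second interval and the assumption that the counters are cumulative are choices made for this example.

```zeek
# Added example: report Broker log-message counters per node.
# Load on all cluster nodes (e.g. from local.zeek).

@load base/frameworks/cluster
@load base/frameworks/reporter

# Sampling interval (assumed value, adjust as needed).
const log_flow_interval = 30sec &redef;

# Event used to re-schedule the sampler (name chosen for this example).
global log_flow_sample: event();

# Counter values seen at the previous sample.
global last_logs_in: count = 0;
global last_logs_out: count = 0;

# Difference between two samples of a counter assumed to be cumulative.
# If the counter went backwards, fall back to the current value
# instead of underflowing the unsigned count.
function counter_delta(cur: count, prev: count): count
	{
	return cur >= prev ? cur - prev : cur;
	}

event log_flow_sample()
	{
	local s = get_broker_stats();
	local node = Cluster::is_enabled() ? Cluster::node : "standalone";

	Reporter::info(fmt("broker log messages on %s: in=%d (+%d) out=%d (+%d)",
	                   node,
	                   s$num_logs_incoming,
	                   counter_delta(s$num_logs_incoming, last_logs_in),
	                   s$num_logs_outgoing,
	                   counter_delta(s$num_logs_outgoing, last_logs_out)));

	last_logs_in = s$num_logs_incoming;
	last_logs_out = s$num_logs_outgoing;

	schedule log_flow_interval { log_flow_sample() };
	}

event zeek_init()
	{
	schedule log_flow_interval { log_flow_sample() };
	}
```

With workers shipping their logs to the logger, the outgoing counter should grow on the workers and the incoming counter on the logger; a logger whose incoming counter stays flat while workers are writing logs is not receiving them.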

