[Zeek] intel framework, disabling certain feeds to certain workers
Munroe Sollog
mus3 at lehigh.edu
Wed Nov 13 10:55:15 PST 2019
Is there a way to select which intel "files" are sent to particular
workers? Perhaps using the aux-script parameter in nodes.cfg?
We are running Bro 2.6.4. We are using two remote workers to collect
specific data on much smaller machines. On our main cluster we are trying
to load a +2GB file using the intel framework. The main cluster seems to
handle this file with no problem. However, it is causing the "specialized"
remote workers to crash "out of memory".
I realize I'm not necessarily using the cluster feature as intended, but it
has, thus far, been extremely convenient. I would like to not have to
create a separate cluster.
Any advice?
--
Munroe Sollog
Senior Network Engineer
munroe at lehigh.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20191113/9e3b6de2/attachment.html
More information about the Zeek
mailing list