[Zeek] High Availability with Zeek
Justin Azoff
justin at corelight.com
Fri Oct 25 12:04:37 PDT 2019
On Fri, Oct 25, 2019 at 2:34 PM Jon Siwek <jsiwek at corelight.com> wrote:
> On Wed, Oct 23, 2019 at 8:24 AM Jorge Garcia Rodriguez <jgarciar at sia.es>
> wrote:
> >
> > So my question here is: ¿Is possible to configure a second Manager or
> something to reach high availability?
>
> The default scripts/configuration more or less depends on there being
> exactly 1 Manager. That doesn't stop someone from writing their own
> scripts to handle things differently, but while that's technically
> possible, it's not a trivial effort I expect a user undertake.
>
> - Jon
>
We may be a bit further along than people realize though. With 2.6+ we
have proxy failover, and I think logger failover works too if you configure
more than one. If the manager dies the most noticeable issues are intel,
notices, and sumstats would stop working.. so I think only a few places
need updating. At some point the manager process won't be doing anything.
--
Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20191025/306c9edc/attachment.html
More information about the Zeek
mailing list