diff --git a/policy/frameworks/cluster/base/__load__.bro b/policy/frameworks/cluster/base/__load__.bro index 28c40c5afc..64bee5e1ad 100644 --- a/policy/frameworks/cluster/base/__load__.bro +++ b/policy/frameworks/cluster/base/__load__.bro @@ -3,6 +3,12 @@ @if ( Cluster::node != "" ) +# Give the node being started up it's peer name. +redef peer_description = Cluster::node; + +# Add a cluster prefix. +@prefixes += cluster + # Only load the communication framework if it really looks like someone is # trying to start up a cluster node. @load frameworks/communication diff --git a/policy/frameworks/cluster/base/main.bro b/policy/frameworks/cluster/base/main.bro index 32cd32cce7..ab35bc8f86 100644 --- a/policy/frameworks/cluster/base/main.bro +++ b/policy/frameworks/cluster/base/main.bro @@ -62,9 +62,6 @@ export { const node = getenv("CLUSTER_NODE") &redef; } -# Give the node being started up it's peer name. -redef peer_description = Cluster::node; - event bro_init() { if ( node != "" && node !in nodes ) diff --git a/policy/frameworks/cluster/base/node/manager.bro b/policy/frameworks/cluster/base/node/manager.bro index a9f462401c..eec61ea5cd 100644 --- a/policy/frameworks/cluster/base/node/manager.bro +++ b/policy/frameworks/cluster/base/node/manager.bro @@ -1,4 +1,4 @@ -##! This is the core Bro script support for the notion of a cluster manager. +##! This is the core Bro script to support the notion of a cluster manager. ##! ##! The manager is passive (the workers connect to us), and once connected ##! the manager registers for the events on the workers that are needed @@ -7,15 +7,14 @@ ##! This is where the cluster manager sets it's specific settings for other ##! frameworks and in the core. +@prefixes += cluster-manager + ## Turn off remote logging since this is the manager and should only log here. redef Log::enable_remote_logging = F; ## Use the cluster's archive logging script. redef Log::default_rotation_postprocessor = "archive-log"; -## The cluster manager does not capture packets. -redef interfaces = ""; - ## We're processing essentially *only* remote events. redef max_remote_events_processed = 10000; diff --git a/policy/frameworks/cluster/base/node/proxy.bro b/policy/frameworks/cluster/base/node/proxy.bro index 6051e5c7ab..c1af918842 100644 --- a/policy/frameworks/cluster/base/node/proxy.bro +++ b/policy/frameworks/cluster/base/node/proxy.bro @@ -1,6 +1,5 @@ -## No packet capture on proxy. -redef interfaces = ""; +@prefixes += cluster-proxy ## The proxy only syncs state; does not forward events. redef forward_remote_events = F; diff --git a/policy/frameworks/cluster/base/node/worker.bro b/policy/frameworks/cluster/base/node/worker.bro index 517287372e..6e6144da5c 100644 --- a/policy/frameworks/cluster/base/node/worker.bro +++ b/policy/frameworks/cluster/base/node/worker.bro @@ -1,4 +1,6 @@ +@prefixes += cluster-worker + ## Don't do any local logging. redef Log::enable_local_logging = F; @@ -11,3 +13,6 @@ redef Log::default_rotation_postprocessor = "delete-log"; ## Record all packets into trace file. # TODO: should we really be setting this to T? redef record_all_packets = T; + +# TODO: Workers need to have a filter for the notice log which doesn't +# do remote logging since we forward the notice event directly. \ No newline at end of file diff --git a/policy/frameworks/cluster/base/setup-connections.bro b/policy/frameworks/cluster/base/setup-connections.bro index 4ed88ac7c3..73f7be7e62 100644 --- a/policy/frameworks/cluster/base/setup-connections.bro +++ b/policy/frameworks/cluster/base/setup-connections.bro @@ -15,11 +15,6 @@ event bro_init() &priority=9 Communication::nodes["control"] = [$host=n$ip, $connect=F, $class="control", $events=control_events]; - # The node being started up is this node so we create a dummy - # communication entry to point at this host for control. - if ( i == node ) - Communication::nodes[i] = [$host=n$ip, $p=n$p, $connect=F, $class="control", $sync=F]; - if ( me$node_type == MANAGER ) { if ( n$node_type == WORKER && n$manager == node )