Add a new node type for logging

Changed the cluster framework scripts by adding a new Bro node type for doing logging (this is intended to reduce the load on the manager). If a user chooses not to specify a logger node in the cluster configuration, then the manager will write logs locally as usual.
2025-10-17 22:18:20 +00:00 · 2016-06-29 17:55:49 -05:00 · 2016-06-29 17:55:49 -05:00 · f45a3e8878
commit f45a3e8878
parent 98a272b9fd
6 changed files with 85 additions and 10 deletions
--- a/scripts/base/frameworks/cluster/nodes/manager.bro
+++ b/scripts/base/frameworks/cluster/nodes/manager.bro
@ -10,17 +10,20 @@

@prefixes += cluster-manager

-## Turn off remote logging since this is the manager and should only log here.
-redef Log::enable_remote_logging = F;
+## Don't do any local logging since the logger handles writing logs.
+redef Log::enable_local_logging = F;
+
+## Turn on remote logging since the logger handles writing logs.
+redef Log::enable_remote_logging = T;

 ## Log rotation interval.
-redef Log::default_rotation_interval = 1 hrs;
+redef Log::default_rotation_interval = 24 hrs;

 ## Alarm summary mail interval.
 redef Log::default_mail_alarms_interval = 24 hrs;

-## Use the cluster's archive logging script.
-redef Log::default_rotation_postprocessor_cmd = "archive-log";
+## Use the cluster's delete-log script.
+redef Log::default_rotation_postprocessor_cmd = "delete-log";

 ## We're processing essentially *only* remote events.
 redef max_remote_events_processed = 10000;