mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 02:28:21 +00:00
ded98cd373
This is based on commit 2731def9159247e6da8a3191783c89683363689c from the zeek-docs repo.
88 lines
2.3 KiB
INI
88 lines
2.3 KiB
INI
# The instances section describes where you run Management agents
|
|
# and whether these agents connect to the controller, or the controller
|
|
# connects to them. Each instance (or, equivalently, the agent running
|
|
# on it) is identified by a unique name. The names in this configuration
|
|
# must match the names the agents use in the Zeek configuration. Without
|
|
# customization, that name is "agent-<hostname>".
|
|
[instances]
|
|
# A value-less entry means this agent connects to the controller:
|
|
agent-testbox
|
|
|
|
# An entry with a value of the form "<host>:<port>" means the controller will
|
|
# connect to them.
|
|
#
|
|
# agent-testbox = 12.34.56.78:1234
|
|
|
|
# All other sections identify Zeek cluster nodes. The section name sets
|
|
# the name of the node:
|
|
[manager]
|
|
|
|
# Nodes typically state which instance they run on:
|
|
instance = agent-testbox
|
|
|
|
# Every node needs to define its role. Possible values are "manager",
|
|
# "logger", "proxy", and "worker".
|
|
role = manager
|
|
|
|
# For nodes that require a listening port (all roles but workers),
|
|
# you can choose to define a port. If you omit it, the framework will
|
|
# define ports for you. Only give a number; TCP is implied.
|
|
#
|
|
# port = 1234
|
|
|
|
# You can optionally specify explicit metrics exposition ports for each
|
|
# node. If you omit these, the framework (specifically, the controller)
|
|
# will define ports for you. Only give a number; TCP is implied.
|
|
#
|
|
# metrics_port = 9090
|
|
|
|
# You can provide additional scripts that a node should run. These scripts
|
|
# must be available on the instance. Space-separate multiple scripts.
|
|
#
|
|
# scripts = policy/tuning/json-logs policy/misc/loaded-scripts
|
|
|
|
# You can define environment variables for the node. List them as <key>=<value>,
|
|
# space-separated if you provide multiple. If the value has whitespace, say
|
|
# <key>="<the value>'
|
|
#
|
|
# env = FOO=BAR
|
|
|
|
# For workers, specify a sniffing interface as follows:
|
|
#
|
|
# interface = <name>
|
|
|
|
# To express CPU affinity, use the following:
|
|
#
|
|
# cpu_affinity = <num>
|
|
|
|
[logger]
|
|
instance = agent-testbox
|
|
role = logger
|
|
|
|
[proxy1]
|
|
instance = agent-testbox
|
|
role = proxy
|
|
|
|
[proxy2]
|
|
instance = agent-testbox
|
|
role = proxy
|
|
|
|
[worker1]
|
|
instance = agent-testbox
|
|
role = worker
|
|
interface = eth0
|
|
|
|
[worker2]
|
|
instance = agent-testbox
|
|
role = worker
|
|
interface = eth1
|
|
|
|
[worker3]
|
|
instance = agent-testbox
|
|
role = worker
|
|
interface = eth2
|
|
|
|
[worker4]
|
|
instance = agent-testbox
|
|
role = worker
|
|
interface = eth3
|