Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/scripts/policy/frameworks/management/node/api.zeek
Christian Kreibich 788348f9d6 Management framework: allow dispatching "actions" on cluster nodes. 
This adds request/response event pairs to enable the controller to dispatch
"actions" (pre-implemented Zeek script actions) on subsets of Zeek cluster nodes
and collect the results. Using generic events to carry multiple such "run X on
the nodes" scenarios simplifies adding these in the future.
2022-04-15 18:51:56 -07:00

42 lines
1.7 KiB
Text
Raw Blame History

##! The Management event API of cluster nodes. The API consists of request/
##! response event pairs, like elsewhere in the Management, Supervisor, and
##! Control frameworks.
@load policy/frameworks/management/types
module Management::Node::API;
export {
## Management agents send this event to every Zeek cluster node to run a
## "dispatch" -- a particular, pre-implemented action. This is the agent-node
## complement to :zeek:see:`Management::Agent::API::node_dispatch_request`.
##
## reqid: a request identifier string, echoed in the response event.
##
## action: the requested dispatch command, with any arguments.
global node_dispatch_request: event(reqid: string, action: vector of string);
## Response to a node_dispatch_request event. The nodes send this back
## to the agent. This is the agent-node equivalent of
## :zeek:see:`Management::Agent::API::node_dispatch_response`.
##
## reqid: the request identifier used in the request event.
##
## result: a :zeek:see:`Management::Result` record covering one Zeek
## cluster node managed by the agent. Upon success, the data field
## contains a value appropriate for the requested dispatch.
global node_dispatch_response: event(reqid: string, result: Management::Result);
# Notification events, node -> agent
## The cluster nodes send this event upon peering as a "check-in" to
## the agent, to indicate the node is now available to communicate
## with. It is an agent-level equivalent of :zeek:see:`Broker::peer_added`,
## and similar to :zeek:see:`Management::Agent::API::notify_agent_hello`
## for agents.
##
## node: the name of the node, as given in :zeek:see:`Cluster::node`.
##
global notify_node_hello: event(node: string);
}
Reference in a new issue View git blame Copy permalink