mirror of
https://github.com/zeek/zeek.git
synced 2025-10-17 14:08:20 +00:00

- Updates to cluster framework to finish the separation between broctl and bro
- Extension technique for extending notice emails with extra content.
- Deleting the connection record from notices after calling apply_policy. It may have been causing some load and memory issues from copying lots of data to other cluster members. This is a test to see if we are right about the memory trouble.
- Abstracted some of the notice actions into separate scripts.
- Lots of small cleanup and fixes.
22 lines
No EOL
627 B
Text

@prefixes += cluster-worker

## Don't do any local logging.
redef Log::enable_local_logging = F;

## Make sure that remote logging is enabled.
redef Log::enable_remote_logging = T;

## Use the cluster's delete-log script.
redef Log::default_rotation_postprocessor = "delete-log";

## Record all packets into trace file.
# TODO: should we really be setting this to T?
redef record_all_packets = T;

# Workers need to have a filter for the notice log which doesn't
# do remote logging since we forward the notice event directly.
event bro_init()
	{
	Log::add_filter(Notice::NOTICE, [$pred(n: Notice::Info) = { return F; }]);
	}