mirror of
https://github.com/zeek/zeek.git
synced 2025-10-06 16:48:19 +00:00

- It's ok to always load the framework. If you don't specify the CLUSTER_NODE environment variable it doesn't ultimately do anything.
- The $CLUSTER_NODE variable causes the framework to try and load a script named cluster-layout.bro which must be located somewhere in your $BROPATH. The value of the $CLUSTER_NODE variable is a count that indicates a node in the Cluster::nodes variable that is set in the cluster-layout.bro script.
- The Cluster::nodes variable is a flat configuration because it's assumed that it would be automatically generated by a utility such as BroControl. This will facilitate the tiered or "deep" clustering that is coming.
23 lines
484 B
Text
##! This script only aims at loading all of the base analysis scripts.

@load protocols/conn
@load protocols/dns
@load protocols/ftp
@load protocols/http
@load protocols/irc
@load protocols/mime
@load protocols/smtp
@load protocols/ssh
@load protocols/ssl
@load protocols/syslog

@load frameworks/metrics
@load frameworks/notice
@load frameworks/signatures
@load frameworks/software
@load frameworks/reporter
@load frameworks/cluster

@load detectors/http-MHR

@load tuning/defaults