mirror of
https://github.com/zeek/zeek.git
synced 2025-10-06 16:48:19 +00:00
f45a3e8878
Changed the cluster framework scripts by adding a new Bro node type for doing logging (this is intended to reduce the load on the manager). If a user chooses not to specify a logger node in the cluster configuration, then the manager will write logs locally as usual.
29 lines
1.1 KiB
Text
29 lines
1.1 KiB
Text
##! This is the core Bro script to support the notion of a cluster manager.
|
|
##!
|
|
##! The manager is passive (the workers connect to us), and once connected
|
|
##! the manager registers for the events on the workers that are needed
|
|
##! to get the desired data from the workers. This script will be
|
|
##! automatically loaded if necessary based on the type of node being started.
|
|
|
|
##! This is where the cluster manager sets it's specific settings for other
|
|
##! frameworks and in the core.
|
|
|
|
@prefixes += cluster-manager
|
|
|
|
## Don't do any local logging since the logger handles writing logs.
|
|
redef Log::enable_local_logging = F;
|
|
|
|
## Turn on remote logging since the logger handles writing logs.
|
|
redef Log::enable_remote_logging = T;
|
|
|
|
## Log rotation interval.
|
|
redef Log::default_rotation_interval = 24 hrs;
|
|
|
|
## Alarm summary mail interval.
|
|
redef Log::default_mail_alarms_interval = 24 hrs;
|
|
|
|
## Use the cluster's delete-log script.
|
|
redef Log::default_rotation_postprocessor_cmd = "delete-log";
|
|
|
|
## We're processing essentially *only* remote events.
|
|
redef max_remote_events_processed = 10000;
|