> On Apr 26, 2018, at 4:25 PM, Azoff, Justin S <jaz...@illinois.edu> wrote: > > Other than that things are working great. Cluster::publish_hrw is > distributing data cross proxies perfectly: > > # for x in 1 2 3; do broctl print Scan::attacks proxy-$x|grep attempts= > -c;done > 3304 > 3405 > 3397 > > # cat /bro/logs/current/notice.log |bro-cut note peer_descr|grep Scan::|cut > -f 2|sort|uniq -c > 454 proxy-1 > 463 proxy-2 > 417 proxy-3 > > Once this is stable for a bit i'll start trying things like killing a proxy > and verifying that things failover. >
I tested this and it works great! I killed proxy-3, and cluster.log immediately logged it as 'node down' The publish_hrw sent the new data to proxy 1 and 2 and when proxy 3 was restarted it rejoined and started receiving data again. The next step is 2+ managers and 2+ loggers and we can finally have a bro cluster with no SPOF :) — Justin Azoff _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev