> On Oct 6, 2017, at 5:58 PM, Robin Sommer wrote:
>
> In the most simple version of this, the cluster framework would just
> hard-code a subscription to "bro/cluster/". And then scripts like the
> Intel framework would just publish all their events to "bro/cluster/"
> directly through Broker.
I
> On Oct 10, 2017, at 2:10 PM, Johanna Amann wrote:
>
> it - after you set up a store with Broker::InitStore, how do you interact
> with Software::tracked_store?
Probably best to look at this Broker script API:
https://github.com/bro/bro/blob/topic/actor-system/scripts/base/frameworks/broker/s
On Mon, Oct 09, 2017 at 19:33 +, you wrote:
> It’s just a matter of where you expect most users to feel comfortable
> making customizations: in Bro scripts or in a broctl config file.
True, though I think that applies to much of Bro's configuration, like
the logging for example. Either way,
> Script-Author Example Usage
> ---
>
> # Script author that wants to utilize data stores doesn't have to be aware of
> # whether user is running a cluster or if they want to use persistent storage
> # backends.
>
> const Software::tracked_store_name = "bro/framework/softw
> On Fri, Oct 06, 2017 at 16:53 +, you wrote:
>
> > # contains topic prefixes
> > const Cluster::manager_subscriptions: set[string] &redef;
> >
> > # contains (topic string, event name) pairs
> > const Cluster::manager_publications: set[string, string] &redef;
>
> I'm wonderi
> On Oct 6, 2017, at 5:58 PM, Robin Sommer wrote:
>
> In the most simple version of this, the cluster framework would just
> hard-code a subscription to "bro/cluster/". And then scripts like the
> Intel framework would just publish all their events to "bro/cluster/"
> directly through Broker.
>
> On Oct 9, 2017, at 2:08 PM, Siwek, Jon wrote:
>
>
>> I got send_event_hashed to work via a bit of a hack
>> (https://github.com/JustinAzoff/broker_distributed_events/blob/master/distributed_broker.bro),
>> but it needs support from inside broker or at least the bro/broker
>> integration to
> I got send_event_hashed to work via a bit of a hack
> (https://github.com/JustinAzoff/broker_distributed_events/blob/master/distributed_broker.bro),
> but it needs support from inside broker or at least the bro/broker
> integration to work properly in the case of node failure.
>
> My ultimate
Nice!
On Fri, Oct 06, 2017 at 16:53 +, you wrote:
> # contains topic prefixes
> const Cluster::manager_subscriptions: set[string] &redef;
>
> # contains (topic string, event name) pairs
> const Cluster::manager_publications: set[string, string] &redef;
I'm wondering
> On Oct 6, 2017, at 12:53 PM, Siwek, Jon wrote:
>
> I want to check if there’s any feedback on the approach I’m planning to take
> when porting over Bro’s scripts to use Broker. There’s two major areas to
> consider: (1) how users specify network topology e.g. either for traditional
> clust
I want to check if there’s any feedback on the approach I’m planning to take
when porting over Bro’s scripts to use Broker. There’s two major areas to
consider: (1) how users specify network topology e.g. either for traditional
cluster configuration or manually connecting Bro instances and (2)
11 matches
Mail list logo
