The Broker library implements Zeek's high-level communication patterns:
- remote logging
- remote events
- distributed data stores
Remote logging and events all follow a pub/sub communication model between Broker endpoints that are directly peered with each other. An endpoint also has the option of subscribing to its own messages. Subscriptions are matched prefix-wise and endpoints have the capability of fine-tuning the subscription topic strings they wish to advertise to peers as well as the messages they wish to send to them.
The distributed data store functionality allows a master data store associated with one Broker endpoint to be cloned at peer endpoints which may then perform lightweight, local queries against the clone, which automatically stays synchronized with the master store. Clones cannot modify their content directly, instead they send modifications to the centralized master store which applies them and then broadcasts them to all clones.
Applications which integrate the Broker library may communicate with each other using the above-mentioned patterns which are common to Zeek.
See the User Manual for more information. For offline reading, it's
also available in the
doc/ directory of the source tree.
See the NEWS file for the most important release notes and the CHANGES file for the complete history of changes.
Compiling Broker requires the following libraries/tools to already be installed:
The optional Python bindings also require Python 3.5 or greater along with Python development packages.
By default, Broker will use an integrated version of the C++ Actor
Framework (CAF; https://actor-framework.org), though there's still the
option to specify an exernal CAF version via the
configure script option.
On UNIX, we provide a
configure script to automate the CMake setup. To
compile and install into
./configure make make install
./configure --help for more advanced configuration options.
On Windows, we support MSVC natively. We do not support builds via MinGW or Cygwin. For Windows builds, please use CMake directly and use the CMake generator for your Visual Studio version. Afterwards, you can either open the project file with Visual Studio to build Broker, or you can build directly from the command line using CMake:
cmake --build <build-dir> --target install --config release
Please note that Broker currently only supports static builds on MSVC.