manager.zeek
@load base/protocols/conn
@load packages/zeek-kafka
@load ./traffic_log
module Manager;
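# Start-up handler, run by every Zeek process that loads this script.
#
# In the supervisor process it reads BROKER_PORT, WORKER_IP and
# CAPTURE_INTERFACE from the environment, opens a loopback-only Broker
# listener, and asks the Supervisor framework to create one "manager" and
# one "worker" node. In any other process it only prints a start-up line.
# The TrafficLog stream is created in all cases.
event zeek_init()
	{
	if ( Supervisor::is_supervisor() )
		{
		# getenv() returns "" for an unset variable. Without these checks an
		# unset or malformed value would silently become an unusable port,
		# a wrong worker address or an empty capture interface, i.e. a sensor
		# that starts but monitors nothing.
		local broker_port_str = getenv("BROKER_PORT");
		local worker_ip_str = getenv("WORKER_IP");
		local capture_if = getenv("CAPTURE_INTERFACE");
		local broker_port = to_port(broker_port_str + "/tcp");
		local config_ok = T;

		if ( port_to_count(broker_port) == 0 )
			{
			print fmt("supervisor config error: BROKER_PORT '%s' is not a usable TCP port", broker_port_str);
			config_ok = F;
			}

		if ( ! is_valid_ip(worker_ip_str) )
			{
			print fmt("supervisor config error: WORKER_IP '%s' is not a valid IP address", worker_ip_str);
			config_ok = F;
			}

		if ( capture_if == "" )
			{
			print "supervisor config error: CAPTURE_INTERFACE is not set";
			config_ok = F;
			}

		# NOTE(review): on a configuration error the supervisor keeps running
		# without any nodes; consider terminating instead so the failure is
		# visible to whatever launches this process.
		if ( config_ok )
			{
			Broker::subscribe("zeek/logs");

			# Bound to loopback only, so this listener is not reachable from
			# other hosts.
			Broker::listen("127.0.0.1", broker_port);

			# NOTE(review): the worker endpoint is placed on WORKER_IP:10000,
			# which may be a routable address. No Broker TLS certificate
			# options (Broker::ssl_*) are set in this file - confirm peers
			# are authenticated or the port is firewalled.
			local cluster: table[string] of Supervisor::ClusterEndpoint;
			cluster["manager"] = [
				$role=Supervisor::MANAGER,
				$host=127.0.0.1,
				$p=10001/tcp
			];
			cluster["worker"] = [
				$role=Supervisor::WORKER,
				$host=to_addr(worker_ip_str),
				$p=10000/tcp,
				$interface=capture_if
			];

			# One supervised node per cluster entry; each node gets the full
			# cluster layout and a working directory named after itself.
			for ( n, ep in cluster )
				{
				local sn = Supervisor::NodeConfig($name=n);
				sn$cluster = cluster;
				sn$directory = n;

				# Only the worker entry carries a capture interface.
				if ( ep?$interface )
					sn$interface = ep$interface;

				# Supervisor::create() returns "" on success, else an error text.
				local res = Supervisor::create(sn);

				if ( res != "" )
					print fmt("supervisor failed to create node '%s': %s", n, res);
				}
			}
		}
	else
		print fmt("supervised node '%s' zeek_init()", Supervisor::node()$name);

	# Not part of the else branch (which has no braces): the log stream is
	# created in the supervisor and in every supervised node alike.
	Log::create_stream(TrafficLog::LOG, [$columns=TrafficLog::Info, $ev=TrafficLog::log_test, $path="factor"]);
	}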
# Shutdown handler: prints one line saying which process is exiting.
event zeek_done()
	{
	# Any process that is not a supervised node reports itself as the
	# supervisor.
	if ( ! Supervisor::is_supervised() )
		{
		print "supervisor zeek_done()";
		return;
		}

	local node_name = Supervisor::node()$name;
	print fmt("supervised node '%s' zeek_done()", node_name);
	}