Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/actor-system: First-pass broker-enabled Cluster scripting API + misc. (07ad06b)

2017-11-02 Thread Siwek, Jon
> On Nov 2, 2017, at 5:33 PM, Azoff, Justin S wrote: > > The optimization could be built into broker though, something like > >Broker::broadcast_magic_once_whatever(Cluster::worker_pool, key, SSL:: > intermediate_add, key, value); > > That would hash the key, send

Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/actor-system: First-pass broker-enabled Cluster scripting API + misc. (07ad06b)

2017-11-02 Thread Azoff, Justin S
> On Nov 2, 2017, at 5:54 PM, Siwek, Jon wrote: > > Thanks, though I’m not sure this scenario maps well to this particular point. > E.g. my impression is Justin wants a single BIF/function that can send one > event from a worker to a proxy and have the proxy purely relay

Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/actor-system: First-pass broker-enabled Cluster scripting API + misc. (07ad06b)

2017-11-02 Thread Azoff, Justin S
> On Nov 2, 2017, at 5:21 PM, Siwek, Jon wrote: >> >> Mostly so that workers don't end up spending all their time sending out >> messages when they should be analyzing packets. > > Ok, I get what you want to avoid, though could be interesting to actually > have a

Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/actor-system: First-pass broker-enabled Cluster scripting API + misc. (07ad06b)

2017-11-02 Thread Siwek, Jon
> On Nov 2, 2017, at 1:37 PM, Aashish Sharma wrote: > >>> In the case of broadcasting from a worker to all other workers, the reason >>> why you relay via another node is only because workers are not connected to >>> each other? Do we know that a fully-connected cluster is a

Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/actor-system: First-pass broker-enabled Cluster scripting API + misc. (07ad06b)

2017-11-02 Thread Siwek, Jon
> On Nov 2, 2017, at 12:58 PM, Azoff, Justin S wrote: > > >> On Nov 2, 2017, at 1:22 PM, Siwek, Jon wrote: >> >> >>> On Nov 1, 2017, at 6:11 PM, Azoff, Justin S wrote: >>> >>> - a bif/function for efficiently broadcasting an

Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/actor-system: First-pass broker-enabled Cluster scripting API + misc. (07ad06b)

2017-11-02 Thread Azoff, Justin S
> On Nov 2, 2017, at 2:37 PM, Aashish Sharma wrote: > > > > Now, while Justin's multiple data nodes idea has spectacular merits, I am not > much fan of it. Reason being having multiple data-nodes results in same sets > of problems It does not have the same problems.. It

Re: [Bro-Dev] File Analysis Inconsistencies

2017-11-02 Thread Aaron Eppert
Justin, Thank you. I peeled the egg off my face and updated the github code accordingly. However, I have run into an additional interesting tidbit if I use event file_sniff to attach an analyzer or Files::register_for_mime_types, neither will generate a files.log entry when I am not running a

Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/actor-system: First-pass broker-enabled Cluster scripting API + misc. (07ad06b)

2017-11-02 Thread Aashish Sharma
My view: I have again and again encountered 4 types of cases while doing script/pkg work: 1) manager2worker: Input-framework reads external data and all workers need to see it. examples: intel-framework, 2) worker2manager: workers see something report to manager, manager keeps aggregated

Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/actor-system: First-pass broker-enabled Cluster scripting API + misc. (07ad06b)

2017-11-02 Thread Azoff, Justin S
> On Nov 2, 2017, at 1:22 PM, Siwek, Jon wrote: > > >> On Nov 1, 2017, at 6:11 PM, Azoff, Justin S wrote: >> >> - a bif/function for efficiently broadcasting an event to all other workers >> (or data nodes) >> - If the current node is a data node,

Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/actor-system: First-pass broker-enabled Cluster scripting API + misc. (07ad06b)

2017-11-02 Thread Siwek, Jon
> On Nov 1, 2017, at 6:11 PM, Azoff, Justin S wrote: > > - a bif/function for efficiently broadcasting an event to all other workers > (or data nodes) > - If the current node is a data node, just send it to all workers > - otherwise, round robin the event to a data