I have a Python Broccoli script that works when Bro is running in standalone mode and listening on a port I specify. Now I want to get it working when Bro is running in a localhost cluster config. I can see my system listening on the port, and I know my Broccoli script is connecting to the port. But the Broccoli script never receives any events.
Is it the manager, proxy, or worker process that listens on the port? If it’s the manager or proxy I suppose it could broker the events. But if multiple workers try to bind to the specified port, of course only one could. If I don’t specify the listening port, would the workers try to open multiple ports? How would my Broccoli script know which ports to connect to? Would I have to run multiple instances of my Broccoli script, one for each port (or heavily alter my script to connect to multiple ports)?
In short, how is this supposed to be done in a cluster setup?
I saw a question from July 2015 on this very subject, but I didn’t find any responses. http://mailman.icsi.berkeley.edu/pipermail/bro/2015-July/008726.html