Is it possible to log to more than one location? I want my broctl to push to a remote logger, AND log locally, for redundancy in case the remote logger dies.
So, each capture node in the cluster should be instructed to log to that capture node, and copy across the wire to the logger node(s). If this is not possible, is there a way to perhaps sniff the outbound link and log that?
Yes, it is.
I think you only have to redef Log::enable_local_logging to true on the workers (it is usually set to false when enabling cluster mode).
I’m not positive about your exact scenario, but I am currently logging to multiple locations. For instance - to flat files, and to a Kafka topic - but there is much more that I could be doing. See the logging framework.
Yep, ok, can do. Thanks Johanna and Zoella!
So redef in local-worker.bro?