Ports for workers

Zeek
1

Have two machines, one running manager, logger, proxy, worker.

Second machine running worker.

Cluster appears to be working.

However, some of the commands in zeekctl hang. (peerstatus, netstats)

Appears to be due to firewall on the second machine. Disabling firewall the commands work as expected.

What ports on the second machine need to be opened?

I found ports for:

Logger 47761

Manager 47762

Proxy 47763

Thank you.

2

It’s explained here:

https://github.com/zeek/zeekctl/blob/master/doc/main.rst#zeek-communication

You can also see exactly what ports have been allocated if you look at

/usr/local/bro/spool/installed-scripts-do-not-touch/auto/cluster-layout.bro