I note there’s a post from the Bro v3 days about a multi-logger patch.
Is there any doc or best-practice material regarding multi-logger configuration in Zeek v4+? There’s a note in the zeekctl GitHub CHANGES file for 2020-03-26 “Clarify docs and example for multi-logger cluster” - but my git-fu is weak and I cannot find such docs or example. We are trying to go to a multi-logger config because a single logger config seems to chew up all our memory over time and make things go crash.
Thanks for any info,
Glenn Forbes Fleming Larratt
Cornell IT Security