Zeek Webinar, Wed Jan 22nd, 10am Pacific - Pluggable Cluster Backends

Join us on Wednesday, January 22nd at 10am Pacific for the webinar “Pluggable Cluster Backends”.

The speaker is Arne Welzel from Corelight.

Register here, and also note our list of upcoming webinars.


Zeek is extensible through external plugins. Plugins can register components with Zeek’s core, providing new functionality. Prime examples are protocol analyzers, packet sources, or log writers.

Starting with Zeek 7.1, plugins can now extend Zeek with “cluster backend components”. Such components provide publish-subscribe and remote logging functionality to Zeek, allowing nodes to communicate in a cluster. As part of this change, Zeek’s existing Broker integration was converted to provide a cluster backend component. Additionally, an experimental ZeroMQ-based alternative has been added to Zeek’s main development tree.

This new functionality allows users to experiment with Zeek clusters in which individual nodes communicate using off-the-shelf technologies like ZeroMQ or NATS.io, rather than Zeek’s native communication library, Broker.

This talk will provide details about the API, explore the ZeroMQ and NATS.io (prototype) implementations and discuss the differences and opportunities that this development brings.


Arne Welzel works for Corelight as a Zeek maintainer. He’s relatively new to the Zeek ecosystem and from time to time pushes controversial experiments, like adding JavaScript support to Zeek. He’s otherwise interested in performance profiling and optimizations.

This post at first stated a wrong date - I just want to confirm that the talk is indeed next Wednesday, January 22nd.