[Bro] ElasticSearch plugin
seth at icir.org
Tue Jun 14 09:30:26 PDT 2016
> On Jun 14, 2016, at 10:04 AM, Vlad Grigorescu <vladg at illinois.edu> wrote:
> I think we should be a bit cautious here. Let's not forget that this is
> really an ElasticSearch and NSQ writer. I've had very good success with
> NSQ at high rate, so I don't really see much value to the second
Are you proposing that you'll take over responsibility for the module?
I think it would make sense to have a separate NSQ module too if you find value in that. That way if/when ES or NSQ specific tweaks (or other HTTP-based outputs) come into play we aren't creating a mess of various configuration options in a single module.
> I think the better solution would simply be to make the record separator
> redef-able in the formatter. I can *maybe* see the argument for using
> '.' instead of '$' in the ASCII logs, but since the other separators are
> user-definable, I think this one should be as well.
This already exists in topic/seth/log-framework-ext and hopefully will be getting merged soon along with some other logging framework changes I did recently.
International Computer Science Institute
(Bro) because everyone has a network
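To make the point about a redef-able record-field separator concrete, here is an added example (not Bro's code, nor the code from topic/seth/log-framework-ext): a toy formatter that flattens a nested record into log field names with a configurable scope separator and renders the same record both as a Bro-style ASCII header/row and as a single JSON document of the kind an HTTP-based writer would post. The `scope_sep` parameter name and the sample record are assumptions made here.

```python
"""Toy log formatter with a configurable nested-field separator.

Added example, not part of Bro's logging framework. `scope_sep` stands in for
the redef-able separator discussed in the thread (name assumed here)."""
import json
from collections.abc import Mapping


def flatten(record, scope_sep="."):
    """Flatten nested mappings into flat keys such as "id.orig_h".

    The separator between the outer and inner field names is `scope_sep`,
    so the same record yields "id.orig_h" with "." and "id$orig_h" with "$".
    Insertion order is preserved so column order is stable."""
    out = {}
    for key, value in record.items():
        if isinstance(value, Mapping):
            for sub_key, sub_value in flatten(value, scope_sep).items():
                out[f"{key}{scope_sep}{sub_key}"] = sub_value
        else:
            out[key] = value
    return out


def ascii_lines(record, scope_sep=".", field_sep="\t", unset="-"):
    """Render a "#fields" header and one row, in the style of a Bro ASCII log.

    Unset (None) values are written as `unset`, as Bro writes "-"."""
    flat = flatten(record, scope_sep)
    header = "#fields" + field_sep + field_sep.join(flat)
    row = field_sep.join(unset if v is None else str(v) for v in flat.values())
    return header, row


def json_document(record, scope_sep="."):
    """Render the flattened record as one JSON object, the shape an
    HTTP-based writer (ElasticSearch, NSQ) would send per log entry."""
    return json.dumps(flatten(record, scope_sep), sort_keys=True)


# Constructed sample: a conn-like record with a nested `id` field.
SAMPLE = {
    "ts": 1465921826.0,
    "uid": "CHhAvVGS1DHFjwGM9",
    "id": {
        "orig_h": "10.0.0.5",
        "orig_p": 51234,
        "resp_h": "93.184.216.34",
        "resp_p": 443,
    },
    "proto": "tcp",
    "service": None,
}


if __name__ == "__main__":
    for line in ascii_lines(SAMPLE):
        print(line)
    print(json_document(SAMPLE, scope_sep="$"))
```

Running the block prints the ASCII header and row with `id.orig_h`-style columns, then the JSON document with `id$orig_h`-style keys; the only thing that changes between the two outputs is the separator argument, which is the whole point of making it user-definable rather than baking one choice into each writer.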