[Bro] NSQ plugin getting deprecated in 2.5
mus3 at lehigh.edu
Tue Sep 13 05:33:57 PDT 2016
You make it sound like it being deprecated has more meaning than someone decided to label it as such.
On 09/13/2016 03:45 AM, Daniel Guerra wrote:
> Hi Munroe,
> Too bad it's deprecated. There is a running docker example
> In the new repo the best way to do it would be using the kafka plugin.
> From kafka you can use an elasticsearch river.
>> On 12 Sep 2016, at 22:46, Munroe Sollog <mus3 at lehigh.edu> wrote:
>> I saw a notice in the 2.5 release notes and I read through the June ’16 conversation about the
>> elasticsearch plugin. I wanted to add my $0.02. For people who are trying to analyze large
>> traffic flows it becomes imperative to not rely on the disk subsystem for transport. Our current
>> flow looks like:
>> Bro -> NSQ -> Logstash -> ElasticSearch
>> We tried to use the Redis plugin first but it was not built in a way that makes it possible to use
>> with Logstash (I have two or three open issues on github). Moving to NSQ was the only way we
>> could really deploy the service. I’m open to switching to a different messaging broker, but I
>> think it is a bit over-ambitious to deprecate a plugin that works perfectly well (for NSQ at
>> least) without having a viable alternative (RELP, a better Redis plugin, a dedicated NSQ plugin).
>> - Munroe
LTS - Network Analyst