[Bro] local.bro causing memory leak
seth at corelight.com
Wed Mar 21 06:45:04 PDT 2018
On 20 Mar 2018, at 16:11, Benjamin Wood wrote:
> The whole problem I'm trying to solve is steaming data into splunk.
> Splunk forwarder's don't like it when filenames change, and the
> artificial delay created by rotating logs adds too much latency. The
> solution that was proposed was "don't rotate logs", and leave them in
> place long enough for the forwarders to finish.
Ah! I'm trying to solve a similar problem with my json-streaming-logs
package. I'm planning on doing some testing and getting that fixed
soon. I think it's still a little broken right now, but I can
definitely sympathize with your trouble. Hopefully there'll be some
guidance on this from me (or you!?) soon. :)
Seth Hall * Corelight, Inc * www.corelight.com
More information about the Bro