[Bro-Dev] New logging architecture
Gilbert Clark
gc355804 at ohio.edu
Mon Jul 4 16:16:29 PDT 2011
> So how about instead turning each LogWriter into a thread in the same
> way as you propose: making it self-contained with message-passing 0mq
> sockets and a simple protocol for sending the various types of
> messages (like Init, Write, etc.; just as you said).
That makes sense. See note about message types, however; after reading
Jon's comments, I'm starting to think that Rotate / Init / etc. should
be handled by the client exclusively.
Also, supporting Init, Enable, Disable, etc. would open up a world of
fun security issues to deal with on the client / subscriber end.
>> than encapsulating everything when passing within a single process...
> By encapsulating do you mean the LogVal::{Read,Write} serializations?
> I don't think we'll actually get around them. They are to make things
> thread-safe by decoupling the writer's data from Bro's main data
> structures.
No. I was referring more to the LogWriter::Write -- when dealing with
something inproc, it doesn't make sense to take the entire LogVal ** and
encapsulate it into a 0mq message if we can just pass the LogVal pointer
directly instead.
--Gilbert
More information about the bro-dev
mailing list