[Bro-Dev] New logging architecture

Gilbert Clark gc355804 at ohio.edu
Mon Jul 4 16:16:29 PDT 2011

> So how about instead turning each LogWriter into a thread in the same
> way as you propose: making it self-contained with message-passing 0mq
> sockets and a simple protocol for sending the various types of
> messages (like Init, Write, etc.; just as you said).

That makes sense.  See note about message types, however; after reading 
Jon's comments, I'm starting to think that Rotate / Init / etc. should 
be handled by the client exclusively.

Also, supporting Init, Enable, Disable, etc. would open up a world of 
fun security issues to deal with on the client / subscriber end.

>> than encapsulating everything when passing within a single process...
> By encapsulating do you mean the LogVal::{Read,Write} serializations?
> I don't think we'll actually get around them. They are to make things
> thread-safe by decoupling the writer's data from Bro's main data
> structures.

No.  I was referring more to the LogWriter::Write -- when dealing with 
something inproc, it doesn't make sense to take the entire LogVal ** and 
encapsulate it into a 0mq message if we can just pass the LogVal pointer 
directly instead.


More information about the bro-dev mailing list