[Bro-Dev] New logging architecture
Gilbert Clark
gc355804 at ohio.edu
Thu Jul 7 12:26:06 PDT 2011
On 7/7/2011 2:34 PM, Jonathan Siwek wrote:
>> Another good point. Is there a good reason to keep inproc streams PUSH
>> / PULL if inter-process communications use PUB / SUB?
> The PUB socket has the potential to drop messages when a high-water mark
> is reached for a subscriber. That didn't seem acceptable for inproc.
> (BTW, I don't know exactly how HWMs are defined, I was just glancing at
> the "zmq_socket" man page).
>
> - Jon
I could also see dropping messages under load as be a plus; wouldn't we
want the event processing loop to keep running if whatever's receiving
the inproc:// messages can't keep up?
It's true that we could end up with slightly inconsistent logs that way;
at the same time, I think this could do quite a bit to help the event
processor keep chugging along in the event the system as a whole became
overloaded.
--Gilbert
More information about the bro-dev
mailing list