[Bro-Dev] Broker's remote logging (BIT-1784)

Siwek, Jon jsiwek at illinois.edu
Sun Feb 5 14:04:04 PST 2017


> On Jan 31, 2017, at 5:41 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:
> 
>> I'm wondering if there's a reason that in the Broker case things
>> *have* to be this way. Is there something that prevents the Broker
>> manager from doing the same as the RemoteSerializer?
> 
> Jon would know best, but I'd guess one form was more convenient to use than the other and it may have been assumed that they both did the same thing.  

I think I was aware of the differences and went ahead with that approach because there's the extra technical work of writing code to convert value types as Robin mentions and also it's conceptually more flexible than the old way.

I understand the argument that the old semantics (manager not running log events/filters) may be more performant, though, I’d consider whether the internal comm. framework or the base/user scripts should be the one to decide.

I think the later is better, so the problem breaks down into (1) does the user have the ability to fully control whether log events/filters run on any given node via scripts? and (2) are the default settings/scripts sane for the common use-case?

(1) is likely true, so (2) sounds like it needs to be fixed.

Just a different idea on how to approach solving the issue without having to touch the framework's internals.  (it’s been a while, hope it’s not way off base)

- Jon



More information about the bro-dev mailing list