[Bro] NSQ plugin getting deprecated in 2.5
Munroe Sollog
mus3 at lehigh.edu
Tue Sep 13 05:33:57 PDT 2016
You make it sound like it being deprecated has more meaning than someone decided to label it as such.
- Munroe
On 09/13/2016 03:45 AM, Daniel Guerra wrote:
> Hi Munroe,
>
>
> Too bad it's deprecated. There is a running docker example
>
> https://hub.docker.com/r/danielguerra/bro-debian-elasticsearch/
>
> In the new repo the best way to do it would be using the kafka plugin.
> From kafka you can use an elasticsearch river.
>
> Regards,
>
> Daniel
>
>> On 12 Sep 2016, at 22:46, Munroe Sollog <mus3 at lehigh.edu> wrote:
>>
>> I saw a notice in the 2.5 release notes and I read through the June ’16 conversation about the
>> elasticsearch plugin. I wanted to add my $0.02. For people who are trying to analyze large
>> traffic flows it becomes imperative to not rely on the disk subsystem for transport. Our current
>> flow looks like:
>>
>> Bro -> NSQ -> Logstash -> ElasticSearch
>>
>> We tried to use the Redis plugin first but it was not built in a way that makes it possible to use
>> with Logstash (I have two or three open issues on github). Moving to NSQ was the only way we
>> could really deploy the service. I’m open to switching to a different messaging broker, but I
>> think it is a bit over-ambitious to deprecate a plugin that works perfectly well (for NSQ at
>> least) without having a viable alternative (RELP, a better Redis plugin, a dedicated NSQ plugin).
>>
>> Thanks
>> - Munroe
>
--
Munroe Sollog
LTS - Network Analyst
x85002