[Bro] NSQ plugin getting deprecated in 2.5

Robin Sommer robin at icir.org
Fri Sep 16 14:50:07 PDT 2016



On Mon, Sep 12, 2016 at 16:46 -0400, Munroe Sollog wrote:

> that works perfectly well (for NSQ at least) without having a viable
> alternative (RELP, a better Redis plugin, a dedicated NSQ plugin).

I don't know enough about NSQ/ElasticSearch to say much about the
quality of the plugin. Is there a consensus that it works fine with
NSQ, but not with ElasticSearch? The older thread seems to suggest
that. Note, the problem with the record field separators is addressed
by now, Bro 2.5 comes with this new option:
https://www.bro.org/sphinx-git/scripts/base/frameworks/logging/main.bro.html?highlight=log%3A%3Adefault_scope_sep#id-Log::default_scope_sep

I'm wondering if there's anybody who'd be interested in taking over
ownership of the plugin. We are planing to move bro-plugins/* into
separately distributed Bro packages anyways, using the new Bro package
manager. If somebody wanted to take ownership of the plugin that way,
they could just starting maintaining a package for it. An option could
also be turning it into a NSQ-only plugin?

Robin

-- 
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin


More information about the Bro mailing list