[Bro] NSQ plugin getting deprecated in 2.5
Azoff, Justin S
jazoff at illinois.edu
Wed Sep 21 08:18:09 PDT 2016
> On Sep 21, 2016, at 11:06 AM, Seth Hall <seth at icir.org> wrote:
>
>
>> On Sep 19, 2016, at 12:15 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:
>>
>> That wasn't really NSQ that required that, it was whatever was pulling the records out of NSQ and pushing them into ES that wanted that.
>>
>> I think the new logging ext stuff that was added for kafka would make that extra record redundant now.
>
> You're right, that could be skipped, but you run into the issue of having only a single queue which could cause trouble if one log type is overwhelming everything else.
For NSQ the destination queue is part the url that is POSTed to and can still be per log stream.
The plugin currently sends it all to one queue, but it could work the same as the kafka plugin does with one queue per log stream.
--
- Justin Azoff
More information about the Bro
mailing list