[Bro] NSQ plugin getting deprecated in 2.5

Seth Hall seth at icir.org
Thu Sep 22 06:39:46 PDT 2016


> On Sep 21, 2016, at 11:18 AM, Azoff, Justin S <jazoff at illinois.edu> wrote:
> 
> For NSQ the destination queue is part of the URL that is POSTed to and can still be per log stream.

Yep, that was Vlad's point about that being added to the URL when sending to NSQ. :)

> The plugin currently sends it all to one queue, but it could work the same as the Kafka plugin does with one queue per log stream.

I think what makes the most sense here would be to fork off the ElasticSearch plugin and create an NSQ-specific plugin. If someone wanted to go crazy with options, I could imagine even making a generic HTTP writer plugin as you suggested earlier. I suspect that it would be quite hard to get that right for any number of different HTTP endpoints. It probably makes more sense to just tailor for whatever is receiving logs on the other end.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



