[Zeek] known_*

Mike Dopheide dopheide at gmail.com
Tue Jul 30 09:37:53 PDT 2019


I think it can get kind of confusing with the naming of different functions.

For instance, in bro_init() you'll see Cluster::create_store(), but later
you'll see Broker::put_unique().  Those are both required bits for the data
store to work and the Cluster* functions use Broker underneath.

The variables like use_service_store toggle whether or not to use the data
store method for persistent data or if you'd rather just use
Cluster::publish_hrw.  I imagine that's faster because it's doing less,
but then you obviously lose the persistence.

-Dop




On Tue, Jul 30, 2019 at 3:09 AM Palumbo Mauro <mauro.palumbo at aizoon.it>
wrote:

> Hi everybody,
>
>    there are a number of scripts (known_services, known_hosts,
> known_certs) which are implemented both using a broker store and sending
> broker events. It is possible to switch from one mode to the other using
> the option use_service_store.
>
> Is there any particular reason for this? Is one option more efficient than
> the other?
>
>
>
> Thanks,
>
> Mauro
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
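The two modes discussed in this thread, side by side, as an added example that is not part of the original messages and is not the code of the shipped known_* scripts. The module name `SeenHosts`, the store name, the `use_store` toggle and the timeouts are hypothetical; the `when [h]` capture list assumes Zeek 5.0 or later (on releases contemporary with this thread, drop the `[h]`).

```zeek
module SeenHosts;  # hypothetical module name, not a script shipped with Zeek

export {
	## T: dedupe through a Broker data store; F: dedupe with publish_hrw events.
	const use_store = T &redef;
	global store: Cluster::StoreInfo;
	global seen: set[addr] &create_expire=1day;
	global host_add: event(h: addr);
}

event zeek_init()
	{
	if ( use_store )
		# Cluster::create_store() wraps the Broker master/clone setup.
		store = Cluster::create_store("zeek/demo/seen_hosts");
	}

# Event mode: runs locally and on the proxy that HRW hashing picks for the key.
event SeenHosts::host_add(h: addr)
	{
	if ( use_store || h in seen )
		return;
	add seen[h];
	if ( ! Cluster::is_enabled() || Cluster::local_node_type() == Cluster::PROXY )
		print fmt("new host (event mode): %s", h);
	}

event connection_established(c: connection)
	{
	local h = c$id$resp_h;
	if ( ! use_store )
		{
		if ( h in seen )
			return;
		# The same key always maps to the same proxy, which does the dedupe.
		Cluster::publish_hrw(Cluster::proxy_pool, h, SeenHosts::host_add, h);
		event SeenHosts::host_add(h);
		return;
		}
	# Store mode: atomic insert-if-absent on the master store, answered async.
	when [h] ( local r = Broker::put_unique(store$store, h, T, 1day) )
		{
		if ( r$status != Broker::SUCCESS )
			Reporter::error("seen_hosts: put_unique failed");
		else if ( r$result as bool )
			print fmt("new host (store mode): %s", h);
		}
	timeout 15sec
		{
		# No answer from the master store; unknown whether the key was new.
		Reporter::warning(fmt("seen_hosts: store timeout for %s", h));
		}
	}
```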