Project

General

Profile

Actions

Feature #3321

open

Evaluate different encoders for eve-log

Added by Davide Setti about 5 years ago. Updated about 4 years ago.

Status:
New
Priority:
Low
Target version:
Effort:
Difficulty:
Label:

Description

We were thinking that it could be useful to be able to choose a specific encoders for eve JSON logs.

As of now these logs are encoded as normal JSON strings, however in some use cases it could be better to use a different encoder to write output.

In example msgpack could be a good choice when sending output to redis (or even to file) because it reduces output size. This may also help increasing output performances in high throughput environments.

Actions #1

Updated by Victor Julien about 5 years ago

  • Assignee set to Community Ticket

We will definitely need help with this.

Actions #2

Updated by Jason Ish about 5 years ago

Some discussion of this has occurred before. Do we find some intermediate data format that we can then render to JSON, msgpack, etc? Or do we give up that idea and make the most performance JSON output we can.

The most common answer I hear is JSON, but its something that needs to be settled before doing anything about it, as its a huge change to do either.

Actions #3

Updated by Andreas Herz about 5 years ago

  • Target version set to TBD
Actions #4

Updated by Jason Ish almost 5 years ago

  • Priority changed from Normal to Low

Optimizing eve output for performance is the current priority. That may be hard to do, and offer alternative output formats.

Actions #5

Updated by Victor Julien about 4 years ago

I think we have been successful at speeding up eve, through #3707 and #3293.

Actions

Also available in: Atom PDF