Project

General

Profile

Actions
Copy link

Feature #3321

open

Evaluate different encoders for eve-log

Added by Davide Setti over 4 years ago. Updated over 3 years ago.

Status:
New
Priority:
Low
Assignee:
Community Ticket
Target version:
TBD
Effort:
Difficulty:
Label:

Description

We were thinking that it could be useful to be able to choose a specific encoders for eve JSON logs.

As of now these logs are encoded as normal JSON strings, however in some use cases it could be better to use a different encoder to write output.

In example msgpack could be a good choice when sending output to redis (or even to file) because it reduces output size. This may also help increasing output performances in high throughput environments.

Actions
Copy link
 #1

Updated by Victor Julien over 4 years ago

  • Assignee set to Community Ticket

We will definitely need help with this.

Actions
Copy link
 #2

Updated by Jason Ish over 4 years ago

Some discussion of this has occurred before. Do we find some intermediate data format that we can then render to JSON, msgpack, etc? Or do we give up that idea and make the most performance JSON output we can.

The most common answer I hear is JSON, but its something that needs to be settled before doing anything about it, as its a huge change to do either.

Actions
Copy link
 #3

Updated by Andreas Herz over 4 years ago

  • Target version set to TBD
Actions
Copy link
 #4

Updated by Jason Ish over 4 years ago

  • Priority changed from Normal to Low

Optimizing eve output for performance is the current priority. That may be hard to do, and offer alternative output formats.

Actions
Copy link
 #5

Updated by Victor Julien over 3 years ago

I think we have been successful at speeding up eve, through #3707 and #3293.

Actions
Copy link

Also available in: Atom PDF