Feature #352: Switching to message queuing system for output - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #352

closed

Switching to message queuing system for output

Feature #352: Switching to message queuing system for output

Added by Eric Leblond over 14 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Target version:

Effort:

Difficulty:

Label:

Description

Actual threading model consider output modules as standard functions which are run synchronously in the life of a packet inside suricata. But logging functions involve I/O on disk or on the network. They thus can be really time expensive.
There is a potential performance issue there because, the building the alert message trigger the locking of ressources like flow. It will thus be interesting to switch:

to asynchrounous I/O operation OR
to a message queuing system where an alert structure build from a copy of information is sent to the output modules.

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #352

Switching to message queuing system for output

DY Updated by delta yeh over 14 years ago Actions
Copy link
#1

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
#2

VJ Updated by Victor Julien almost 14 years ago Actions
Copy link
#3

VJ Updated by Victor Julien over 13 years ago Actions
Copy link
#4

VJ Updated by Victor Julien over 12 years ago Actions
Copy link
#5

VJ Updated by Victor Julien over 12 years ago Actions
Copy link
#6

VJ Updated by Victor Julien over 11 years ago Actions
Copy link
#7

VJ Updated by Victor Julien about 10 years ago Actions
Copy link
#8

JM Updated by James Mistry over 8 years ago Actions
Copy link
#9

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
#10

AH Updated by Andreas Herz about 7 years ago Actions
Copy link
#11

JI Updated by Jason Ish over 6 years ago Actions
Copy link
#12

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
#13

Project

General

Profile

Suricata

Custom queries

Feature #352

Switching to message queuing system for output

DY Updated by delta yeh over 14 years ago ActionsCopy link #1

VJ Updated by Victor Julien over 14 years ago ActionsCopy link #2

VJ Updated by Victor Julien almost 14 years ago ActionsCopy link #3

VJ Updated by Victor Julien over 13 years ago ActionsCopy link #4

VJ Updated by Victor Julien over 12 years ago ActionsCopy link #5

VJ Updated by Victor Julien over 12 years ago ActionsCopy link #6

VJ Updated by Victor Julien over 11 years ago ActionsCopy link #7

VJ Updated by Victor Julien about 10 years ago ActionsCopy link #8

JM Updated by James Mistry over 8 years ago ActionsCopy link #9

VJ Updated by Victor Julien over 7 years ago ActionsCopy link #10

AH Updated by Andreas Herz about 7 years ago ActionsCopy link #11

JI Updated by Jason Ish over 6 years ago ActionsCopy link #12

VJ Updated by Victor Julien over 6 years ago ActionsCopy link #13

DY Updated by delta yeh over 14 years ago Actions
Copy link
#1

VJ Updated by Victor Julien over 14 years ago Actions
Copy link
#2

VJ Updated by Victor Julien almost 14 years ago Actions
Copy link
#3

VJ Updated by Victor Julien over 13 years ago Actions
Copy link
#4

VJ Updated by Victor Julien over 12 years ago Actions
Copy link
#5

VJ Updated by Victor Julien over 12 years ago Actions
Copy link
#6

VJ Updated by Victor Julien over 11 years ago Actions
Copy link
#7

VJ Updated by Victor Julien about 10 years ago Actions
Copy link
#8

JM Updated by James Mistry over 8 years ago Actions
Copy link
#9

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
#10

AH Updated by Andreas Herz about 7 years ago Actions
Copy link
#11

JI Updated by Jason Ish over 6 years ago Actions
Copy link
#12

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
#13