[Intelmq-dev] Should an OutputBot _dump_message()s?
Bernhard Reiter
bernhard at intevation.de
Thu May 14 14:02:25 CEST 2020
Hi IntelMQ-Devs,
wondering what an OutputBot should do, if it cannot
put an event to the output, because of the event itself.
Should it do something like
self.logger.warning("event does not meet criteria for output")
self._dump_message()
# to place the event in a dump file for later inspection
self.acknowledge_message()
?
Background: the
https://github.com/certtools/intelmq/blob/develop/intelmq/bots/outputs/misp/output_api.py
seems to get events that it cannot insert into MISP, because
some fields necessary in the intelmq event are not filled with values.
If the bot detects this, it can skip the event,
but it seems a good idea to preserve enough info how the empty values came to
be.
The alternatives to dumping would be
a) write out the event in the log using self.logger
b) just ignore the event
Thanks,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20200514/7acf07f7/attachment.sig>
More information about the Intelmq-dev
mailing list