[IntelMQ-dev] Speed dumping events in bots
Kamil Mankowski
mankowski at cert.at
Tue May 16 15:27:51 CEST 2023
Hi,
I'm not aware of any way to just dump the message after the first issue.
You could implement this feature - this would be just change in the
intelmq.lib.bot. I'd suggest implementing a config option how the
library should behave, and then keep the current flow as default.
However, how do you need retries after dumping message? If not, then the
'error_max_retries' should be set to 1 for the bot you require. But it
would disable the retries for given bot.
Best regards,
Kamil Mankowski
CERT.at GmbH
www.cert.at
On 5/15/23 11:40, Mika Silander wrote:
> Hi again,
>
> Afaik, if handling an event fails in a bot, the default behaviour of a bot is to sleep 15 seconds and then retry processing. If the retry fails, the bot dumps the event and picks the next event from the inqueue. We have a bot where it would be desirable to change this default behaviour so that the dump is done immediately on the first failure. Is there a way to configure a single bot to behave differently from other bots as described? Or will a change in configuration affect the entire bot net?
>
> If there's no easy way configuring, I guess technically I could implement exceptions to be thrown in those situations where quick dumping is desired and then call the _dump_message(?) method. However, I would prefer to modify as few bots of the official distribution as possible.
>
> Comments, pointers to docs, sources or the like are most welcome.
>
> Br, Mika
> _______________________________________________
> IntelMQ-dev mailing list
> https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev
> https://intelmq.readthedocs.io/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x3E911155943C0414.asc
Type: application/pgp-keys
Size: 9996 bytes
Desc: OpenPGP public key
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20230516/dd976d85/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20230516/dd976d85/attachment.sig>
More information about the IntelMQ-dev
mailing list