[IntelMQ-dev] Speed dumping events in bots
L. Aaron Kaplan
aaron at lo-res.org
Tue May 16 16:27:32 CEST 2023
Hi Mika,
well I see a way to implement this so that existing bots don't get modified or impacted:
* change it in the core so that *only* if a specific config flag is present ("dont_retry_and_dump_quickly": True or similar), then the bot will behave as you write
* handle exceptions and if the flag is set, otherwise continue as normal.
--> effect for existing bots is zero.
Best,
a.
> On 15.05.2023, at 11:40, Mika Silander <mika.silander at csc.fi> wrote:
>
> Hi again,
>
> Afaik, if handling an event fails in a bot, the default behaviour of a bot is to sleep 15 seconds and then retry processing. If the retry fails, the bot dumps the event and picks the next event from the inqueue. We have a bot where it would be desirable to change this default behaviour so that the dump is done immediately on the first failure. Is there a way to configure a single bot to behave differently from other bots as described? Or will a change in configuration affect the entire bot net?
>
> If there's no easy way of configuring this, I guess technically I could implement exceptions to be thrown in those situations where quick dumping is desired and then call the _dump_message(?) method. However, I would prefer to modify as few bots of the official distribution as possible.
>
> Comments, pointers to docs, sources or the like are most welcome.
>
> Br, Mika
> _______________________________________________
> IntelMQ-dev mailing list
> https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev
> https://intelmq.readthedocs.io/
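
Added example (not part of the thread and not IntelMQ code): a toy model of the retry-then-dump loop described in the question, with the opt-in flag from the reply. ToyBot, the retry_delay parameter name and the sample events are assumptions made for illustration; only the flag name and the 15-second delay come from the thread.

```python
import time


class ToyBot:
    """Simplified model of a bot's error handling; not IntelMQ's Bot class."""

    def __init__(self, process, params=None, sleep=time.sleep):
        params = params or {}
        # Flag name from the proposal; when absent the legacy path is used.
        self.dump_quickly = bool(params.get("dont_retry_and_dump_quickly", False))
        # Hypothetical parameter name; 15 s is the delay quoted in the thread.
        self.retry_delay = params.get("retry_delay", 15)
        self.process, self.sleep = process, sleep
        self.done, self.dumped = [], []

    def run(self, inqueue):
        attempts = 1 if self.dump_quickly else 2  # first try (+ one retry)
        for message in inqueue:
            for attempt in range(1, attempts + 1):
                try:
                    self.process(message)
                except Exception as exc:
                    if attempt == attempts:
                        self.dumped.append((message, repr(exc)))
                    else:
                        self.sleep(self.retry_delay)
                else:
                    self.done.append(message)
                    break
        return self.done, self.dumped


def make_handler():
    """Constructed handler: 'broken' always fails, 'flaky' fails only once."""
    seen = set()

    def process(message):
        if message == "broken" or (message == "flaky" and message not in seen):
            seen.add(message)
            raise ValueError("cannot process %r" % message)
    return process


def demo(params):
    waits = []  # record requested sleeps instead of actually waiting
    done, dumped = ToyBot(make_handler(), params, sleep=waits.append).run(
        ["ok", "flaky", "broken"])  # constructed sample events
    return done, [m for m, _ in dumped], sum(waits)
```

With an empty configuration the model waits twice and dumps only the permanently failing event; with the flag set it never waits, but the event that would have succeeded on retry is dumped as well.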