[IntelMQ-dev] Speed dumping events in bots

L. Aaron Kaplan aaron at lo-res.org
Tue May 16 16:30:53 CEST 2023


And Kamil already answered it better ... :)

sorry for the noise.

Best,
a.


> On 16.05.2023, at 15:27, Kamil Mankowski via IntelMQ-dev <intelmq-dev at lists.cert.at> wrote:
> 
> Hi,
> 
> I'm not aware of any way to just dump the message after the first issue. You could implement this feature - this would be just a change in intelmq.lib.bot. I'd suggest implementing a config option for how the library should behave, and then keeping the current flow as the default.
> 
> However, do you need retries after dumping the message? If not, then the 'error_max_retries' should be set to 1 for the bot you require. But it would disable the retries for the given bot.
> 
> Best regards,
> Kamil Mankowski
> CERT.at GmbH
> www.cert.at
> 
> On 5/15/23 11:40, Mika Silander wrote:
>> Hi again,
>>  Afaik, if handling an event fails in a bot, the default behaviour of a bot is to sleep 15 seconds and then retry processing. If the retry fails, the bot dumps the event and picks the next event from the inqueue. We have a bot where it would be desirable to change this default behaviour so that the dump is done immediately on the first failure. Is there a way to configure a single bot to behave differently from other bots as described? Or will a change in configuration affect the entire bot net?
>>  If there's no easy way of configuring this, I guess technically I could implement exceptions to be thrown in those situations where quick dumping is desired and then call the _dump_message(?) method. However, I would prefer to modify as few bots of the official distribution as possible.
>>  Comments, pointers to docs, sources or the like are most welcome.
>> Br, Mika