[IntelMQ-dev] Documentation on bot statistics collection
Mika Silander
mika.silander at csc.fi
Mon Aug 8 13:48:43 CEST 2022
Hi,
A few issues still remain to be solved before going to production and one of them is how to collect statistics on events. It looks to me that lib/bot.py contains code for collecting statistics and pushing cached data to a Redis instance, but I'd like to know if there's documentation describing the statistics collection in general and recommendations on its use? Any best practices or similar docs?
I see there is the EventDB implementation but that in turn seems to be limited to statistics data being pushed out from intelmq via an SQL output bot. In our case we'd also need to keep a count on events being fed into intelmq. We'll probably also need some intermediate collection points within our bot net to keep track of the number of anomalous etc events. Therefore, leveraging somehow the constructs within lib/bot.py seems a better choice for us.
As always, pointers are welcome and please correct me if I've understood something wrong above.
Br, Mika
More information about the IntelMQ-dev
mailing list