set up extension to publish osq logs to another destination #2253
Conversation
| } | ||
| req.Header.Set("Content-Type", "application/json") | ||
|
|
||
| // TODO: set any auth headers ... deal with auth in general |
| Results []distributed.Result `json:"results"` | ||
| } | ||
|
|
||
| func (p *osqueryPublisher) PublishLogs(ctx context.Context, nodeKey string, logType logger.LogType, logs []string) error { |
There was a problem hiding this comment.
Should we buffering and batching these, like we do on the other endpoint?
There was a problem hiding this comment.
If we're talking about the same thing, the extension itself handles buffering and batching of the logs. I think here were are just tacking on a second transport interface. Maybe osquery_publisher is a poor name since really it's just a client?
There was a problem hiding this comment.
Where is the dynamic buffer resizing?
There was a problem hiding this comment.
the extension manages an osq log buffer here, is this what you are referring to? Or is this something that is happening in go-kit with our current service?
There was a problem hiding this comment.
Hrm. So the extension does the log buffering, and we fork after. Which I think means that things are going to be super weird if one of the targets is down.
Which is maybe okay, since it's just a transition period?
There was a problem hiding this comment.
Yea maybe it's okay .... I think I'll look at how bad it would be to set up a store per log destination. I think that would make it easier to switch between the 2 log destinations.
There was a problem hiding this comment.
We'll eventually only have one, so putting up with some ugliness now isn't unreasonable. Though I'm not sure which way that argues
No description provided.