Project

General

Profile

Bug #26

Modification of message emission behavior with manager AND

Added by Yoann VANDOORSELAERE almost 20 years ago. Updated almost 15 years ago.

Status:
Closed
Priority:
High
Target version:
-
Start date:
Due date:
% Done:

0%

Resolution:
fixed

Description

Currently when using {{
manager_addr = x.x.x.x && y.y.y.y
}}

The emission will stop if emission to x.x.x.x fail. However, from a practical point of view, people who use AND of manager for redondancy want both manager to receive exactly the same messages, even if one of the Manager fail.

Thus, in case emission x.x.x.x fail, we still want to emit the message to y.y.y.y, and save the failed message associating them to x.x.x.x manager, for later emission.

History

#1 Updated by Yoann VANDOORSELAERE almost 20 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

Implementedin r3775: example with A && B || C && D:

- if A and B are not both known to be dead:
- send or backup to A [if send fail backup for A]
- send or backup to B [if send fail backup for B]

- else if C and D are not both known to be dead:
- send or backup to C [if send fail backup for C]
- send or backup to D [if send fail backup for D]
- else if everything is known to be dead:
- backup to the global failover, and flush to the first pair of manager to be available.

#2 Updated by Yoann VANDOORSELAERE almost 15 years ago

  • Project changed from PRELUDE SIEM to Libprelude
  • Category deleted (1)

Also available in: Atom PDF