improvements to the loggers modules:
- allow to specify a connection timeout (there was only a write
timeout).
- performance improvements when building the messages to be
written/sent.
- allow to restart the connection with remote servers if we fill up the
messages queue.
This can occur for example if we connect to a remote server, start
sending messages, but we haven't allowed other connections yet.
In this case the connections never recovered from this state, and we
weren't prompted to allow the needed connections.
(more work nd testing needed)
Under heavy network traffic load, writing to a remote syslog fails with
a timeout. Under this situation the connection didn't recover from that
state, blocking other connections.
To ensure that we continue working normally, as well as keep sending
events to syslog:
- Set a max timeout when writing to a remote syslog.
- Restart the connection with the server, if there're more than 10
errors.
With these fixes along with few other changes, writing to remote syslog
is more reliable, it works as expected.
We need to find the root cause of this behavior, and further test it
(#638).
Now you can send events to syslog, local or remote.
This feature was requested here #638
This feature allows you to integrate opensnitch with your SIEM. Take a
look at the above discussion to see examples with
syslog-ng+promtail+loki+grafana.
There's only one logger implemented (syslog), but it should be easily
expandable to add more type of loggers (elastic, etc).
The event format can be CSV or RFC5424. It sould also be easy to add
more formats.
- Allow to configure stats workers. They were hardcoded to 4.
