Log::set_buf Ineffective Before First Write

Hello,

I am currently writing a Bro IDS logging plugin for logging to MongoDB. We have implemented both buffered and unbuffered writes and rely on WriterBackend::DoSetBuf to be called in order to switch between the approaches.

Currently, we use a Bro script which attaches our plugin to the Conn log and calls Log::set_buf in order to configure the buffering behavior. However, DoSetBuf never gets called on our plugin.

In Manager.cc, Manager::SetBuf loops over the list of writers registered with a given stream and calls the SetBuf method on each of the WriterFrontends. Unfortunately, this list of registered writers is empty before the first write, as writers are initialized as they are needed in the Manager::Write method.

Effectively, this prevents configuring buffering behavior before the first write occurs. I’m new to the Bro code base, but I believe a fix could be made by storing the buffering behavior on the stream and checking this behavior on writer initialization.

Here is the Bro script I am currently using,

The source code for the plugin is at https://github.com/ocmdev/bro-mongodb/tree/optionalBuffer.

Does this look like a valid problem?

Logan
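
The behaviour described in the message above and the fix it proposes, as an added example that is not part of the original thread and is not Bro's code. It is a simplified model: the `Writer`, `Stream`, `LazyManager` and `FixedManager` types and the default of buffering being on are assumptions made for illustration.

```cpp
#include <iostream>
#include <memory>
#include <vector>

// Simplified model for illustration; every name here is hypothetical, not Bro's API.
struct Writer {
    bool buffering = true;  // assumed backend default until SetBuf reaches it
    void SetBuf(bool enabled) { buffering = enabled; }
};
struct Stream {
    std::vector<std::unique_ptr<Writer>> writers;  // empty until the first write
    bool buffering = true;                         // used only by FixedManager
};

// Behaviour described in the message: SetBuf reaches only writers that already exist.
struct LazyManager {
    Stream stream;
    void SetBuf(bool enabled) { for (auto& w : stream.writers) w->SetBuf(enabled); }
    Writer& Write() {
        if (stream.writers.empty())
            stream.writers.push_back(std::make_unique<Writer>());
        return *stream.writers.front();
    }
};

// Proposed fix: remember the setting on the stream and apply it at writer creation.
struct FixedManager {
    Stream stream;
    void SetBuf(bool enabled) {
        stream.buffering = enabled;
        for (auto& w : stream.writers) w->SetBuf(enabled);
    }
    Writer& Write() {
        if (stream.writers.empty()) {
            stream.writers.push_back(std::make_unique<Writer>());
            stream.writers.back()->SetBuf(stream.buffering);
        }
        return *stream.writers.front();
    }
};

// Call SetBuf(false) before the first write and report the writer's resulting state.
template <typename Manager>
bool buffering_after_early_setbuf() {
    Manager m;
    m.SetBuf(false);
    return m.Write().buffering;
}

int main() {
    std::cout << "lazy: " << buffering_after_early_setbuf<LazyManager>()
              << " fixed: " << buffering_after_early_setbuf<FixedManager>() << "\n";
}
```

In the lazy model the writer comes up with buffering still on, because the earlier call iterated over an empty list; in the fixed model the stored setting is applied when the writer is created.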

Hi Logan,