Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Updates for the various Broker changes

Browse source
This commit is contained in:
Christian Kreibich 2025-04-24 17:06:32 -07:00 committed by Tim Wojtulewicz
parent 3d584011a0
commit fee65e83ee
1 changed files with 33 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

33
NEWS
View file

@ -98,6 +98,26 @@ New Functionality
options ``Broker::log_severity_level`` and ``Broker::log_stderr_severity_level`` have options ``Broker::log_severity_level`` and ``Broker::log_stderr_severity_level`` have
been introduced to control the which events to expose by default. been introduced to control the which events to expose by default.
- Broker's new per-peer send buffer backpressure handling, introduced in 7.1,
has received several updates. We've increased the default buffer sizes to 8192
messages for both peers and websockets, and switched the default overflow
handling policy to "drop_oldest", meaning that in a full buffer the oldest
message enqueued gets dropped to allow enqueuing a new one. Three additional
metrics are available to understand the health of each peering's buffer,
regardless of the overflow policy active. These are:
- zeek_broker_peer_buffer_levels: a gauge of the current buffer fill level,
- zeek_broker_peer_buffer_recent_max_levels: a gauge that tracks the maximum
buffer fill level seen over the last ``Broker::buffer_stats_reset_interval`.
- zeek_broker_peer_buffer_overflows_total: a counter that tracks the number
of times a given peering's send buffer has overflowed. For the "drop_oldest"
and "drop_newest" policies, this is the count of messages dropped.
Each of these is labeled with the current endpoint and the peer's, as provided
by the cluster topology.
- New WebSocket functionality was added to Zeek's cluster component. - New WebSocket functionality was added to Zeek's cluster component.
Users of Broker's WebSocket interface should replace their ``Broker::listen_websocket()`` Users of Broker's WebSocket interface should replace their ``Broker::listen_websocket()``
@ -207,6 +227,9 @@ Changed Functionality
connection attempts to ephemeral TCP client-side ports, which could clutter the Broker connection attempts to ephemeral TCP client-side ports, which could clutter the Broker
logs. logs.
- The connect and listen retry intervals of Broker and the Cluster framework
have all been reduced to one second, from previously 30s/60s.
- The protocol confirmation for IRC was made more robust. It now checks for valid commands - The protocol confirmation for IRC was made more robust. It now checks for valid commands
before confirming a connection as IRC. before confirming a connection as IRC.
@ -229,6 +252,13 @@ Changed Functionality
our switch to use the C-Ares library back in the 5.0 release, but we never removed the our switch to use the C-Ares library back in the 5.0 release, but we never removed the
requirement from CMake. requirement from CMake.
Removed Functionality
---------------------
- Broker's broker_buffered_messages metric has been removed, since the
backpressure handling introduced in 7.1 rendered it obsolete. Use the new
per-peering metrics described above instead.
Deprecated Functionality Deprecated Functionality
------------------------ ------------------------
@ -238,6 +268,9 @@ Deprecated Functionality
- ``Broker::listen_websocket()`` was deprecated in favor of ``Cluster::listen_websocket()`. - ``Broker::listen_websocket()`` was deprecated in favor of ``Cluster::listen_websocket()`.
- The ``Broker::congestion_queue_size`` tunable has had no effect since Zeek 5.0
and is slated for removal without replacement.
Zeek 7.1.0 Zeek 7.1.0
========== ==========